SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
Template content about spam e-mail
Form the IT Security Policy 3.14: Should a user receive a spam e-mail, he / she must inform [job title].) This may be something to think about for (specific) phishing mails, but is certainly not suitable for spam, here 98% of all email is spam and once in a while one gets through the filters. -
Use of encryption
In the past years, encryption has become a key control for protection of integrity and confidentiality of data. Many organizations use encryption technology such as disk encryption provided by the OS with managed keys. I am surprised to see this statement as not allowed per IT Security Policy:auf einem lokalen Rechner Kryptographie (Verschlüsselung) zu nutzen, außer in den Fällen, die in der Richtlinie zur Klassifizierung von Informationen
(Use cryptography (encryption) on a local machine, except in the cases specified in the Information Classification Policy)
This seems to be an old control to ensure availability. In my view, any organization should make it mandatory to use the corporate encryption solution – and central key management.