Take the ISO 14001 course exam and get the ISO 9001 course exam for free

Tag: "IT Security Policy" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Template content about spam e-mail

    Form the IT Security Policy 3.14: Should a user receive a spam e-mail, he / she must inform [job title].) This may be something to think about for (specific) phishing mails, but is certainly not suitable for spam, here 98% of all email is spam and once in a while one gets through the filters.

  • Use of encryption

    In the past years, encryption has become a key control for protection of integrity and confidentiality of data. Many organizations use encryption technology such as disk encryption provided by the OS with managed keys. I am surprised to see this statement as not allowed per IT Security Policy:

    auf einem lokalen Rechner Kryptographie (Verschlüsselung) zu nutzen, außer in den Fällen, die in der Richtlinie zur Klassifizierung von Informationen

    (Use cryptography (encryption) on a local machine, except in the cases specified in the Information Classification Policy)

    This seems to be an old control to ensure availability. In my view, any organization should make it mandatory to use the corporate encryption solution – and central key management.