Expert Advice Community

Question about IT Security Policy

Guest user Created:   Jun 01, 2021 Last commented:   Jun 19, 2021

1. A small query, the "A.8.2_Politica_de_seguridad_de_TI_Premium_ES" mentions as prohibited activity the one that I highlight in red below, however, it is not entirely clear to me what it refers to, please clarify?

https://i.imgur.com/ULY6r68.png

2. In relation to the same document and even the same section, I would also like to understand the reason why the use of cryptographic tools is prohibited, which has been the point before the one I asked you first in this same mail thread.

Greetings and thanks in advance, I look forward to both feedbacks.

Expert
Rhand Leal Jun 01, 2021

1. A small query, the "A.8.2_Politica_de_seguridad_de_TI_Premium_ES" mentions as prohibited activity the one that I highlight in red below, however, it is not entirely clear to me what it refers to, please clarify?

The original text from the English version is “to download program code from external media”, which means employees cannot use media not controlled by the organization, such as personal pen drives or third-party CDs/DVDs, to install any kind of software. This is to avoid introducing malware, or software that can violate intellectual property rights, into an organization’s environment.

2. In relation to the same document and even the same section, I would also like to understand the reason why the use of cryptographic tools is prohibited, which has been the point before the one I asked you first in this same mail thread.

Greetings and thanks in advance, I look forward to both feedbacks.

Please note that this point refers to not using cryptographic solutions in situations not defined in the Information Classification Policy. This is because the use of cryptographic solutions in undefined situations poses a risk that information can be unavailable when needed (e.g., if an employee encrypts their computer in a non-defined situation and goes on vacation, loses the encryption key, or leaves the organization, and the IT team does know about this encrypted computer, the information in the local computer cannot be accessed).

For further information, see:

Guest
Marco Castro Jun 19, 2021

Thank you very much for the clarification, Rhand. After turning the points over so much, I realized that they are problems in the Spanish translation.

In my case and as a contribution to you, I finally translated them as follows:

Utilizar herramientas criptográficas (encriptado) sobre ordenadores locales sin la correspondiente autorización de Tecnologías de Información (TI).


Descargar e instalar programas, aplicaciones y/o software desde dispositivos de almacenamiento externos personales o no suministrados por Tecnologías de Información (TI).
