Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Poli
Assign topic to the user
If a Mobile Device & Teleworking Policy and Clear Screen & Clear Desk Policy would not be adequate, would there be another more 'achievable' way how to restrict access?
Answer: First of all, sorry for this confusion.
Use of Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy is the proper treatment for situations like that, where you do not have control over some locations from where employees can access information (home, office, etc...), since these policies define secure behavior for teleworkers when they are out of organization premises.
2. I assume the Risk Treatment Table only has to contain the unacceptable risks, right?
Answer: Besides unacceptable risks, the Risk Treatment Table also has to include acceptable risks related to controls you want to make modifications or improvements (e.g., if you want to update a technology related to a control, or setup new parameters).
Comment as guest or Sign in
May 01, 2019