Welcome to the second edition of the ISO17799 newsletter, designed to keep you abreast of news and developments with respect to 17799 and related information security issues. The newsletter comprises a combination of inclusive articles and the identification of useful and topical sources on the web.
This edition covers:
DOWNLOADING INFORMATION FROM THE INTERNET
There is a wealth of information available today on the Internet, and the powerful search engines at our disposal enable us to access numerous web sites extremely quickly. The fact that this information is so readily available in the familiar environment of home or office often lulls us into a false sense of security when it comes to downloading files or data. Before doing so, we should consider the risks involved, such as a potentially destructive virus or other malicious code infecting our system, or the risk of system overload and subsequent failure.
The following guidelines are recommended when downloading information from the Internet:
- Ensure that you are in compliance with your company's Information Security Policy before downloading any information
- Be aware of the risk of overloading your computer system and its subsequent failure by downloading too many large files... this is easier to do than is sometimes realised.
- Always choose the option to "Save this program to disk", saving it to a temporary folder away from your main network; then run an up-to-date virus and malicious code scan; if clean, re-file in the desired location on your system.
- Do not introduce software via the "back door" of the Internet. Only acquire and install software according to an agreed company procedure.
- Be particularly careful with shareware or freeware programs - these are particularly suited to introducing "Trojan horses" and other malicious code to your computer system.
- Be aware that information on the Internet may not be reliable, and may have even been released with intent to cause damage or to defraud; try to validate the source of any information you wish to use, and check its date - information on the Internet can be several years old and still claim to be "new".