Welcome to the third edition of the ISO17799 newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this months issue:
INTERNET AND EMAIL: SECURITY POLICY STATEMENTS ARE A MUST!
Despite the potential for significantly increased efficiency through the use of e-mail and the internet in the workplace, there is a growing awareness that inappropriate use of these facilities can actually stifle productivity and distract staff from their work.
It is reported that many companies still do not have a code of practice for dealing with external e-mail, and may not be aware that they can be held liable for various infringements resulting from their employee's misuse of this facility, such as sexual and racial harassment, breach of confidence, unwanted contracts, virus transmission and breaches of Data Protection legislation.
A large email services company recently commented that, "E-mail is not really any different from telephone or post, yet people write things in e-mail they would squirm at putting in an envelope. If the company name appears on a letterhead, employees instinctively think twice about what they are writing and often ask for approval. There is nothing to stop companies considering branding their e-mails in the same way to improve internal awareness and external protection."
The following are business related activities which should be considered when establishing a workable set of policy statements for internet and email protection:
- Downloading Files and Information from the Internet
- Sending Electronic Mail (E-mail)
- Receiving Misdirected Information by E-mail
- Forwarding Email
- Developing a Web Site
- Maintaining your Web Site
- Using Internet for Work Purposes Using Internet for Work Purposes
- Using Usenet, Newsgroups and Message Boards
- Giving Information when Ordering Goods on Internet
- Setting up Intranet Access
- 'Out of the Box' Web Browser Issues
- Using Internet 'Search Engines'
- Receiving Electronic Mail (E-mail)
- Retaining or Deleting Electronic Mail
- Setting up Extranet Access
- Setting up Internet Access
- Filtering Inappropriate Material from the Internet
- Using and Receiving Digital Signatures
- Certainty of File Origin
Comprehensive information on establishing information security policies for each of these business areas, in conformity to ISO 17799, can be found in the Information Security Policy Templates available at http://www.information-security-policies.com