Welcome to this, the seventh edition of The ISO27000 Newsletter, designed to keep you abreast of updates and developments with respect to the ISO 17799 information security standard.
The information contained in this newsletter is free to our subscribers and provides guidance on practical issues, plus commentary on recent Information Security incidents.
Included in this issue are the following topics:
WORKING FROM HOME
Home working is still on the increase, clearly encouraged by advances in technology and increased use of the internet. However, it is also clear that in many cases good security is a victim of this change.
This is due to a number of factors, not just that working from a home base fosters a slightly different mentality and attitude to the disciplines of office work.
To counter these risks, we reproduce below a number of security measures which should be taken when working from home or off-site:
- Treat company property and/or data as you would in the office, according to company information security procedures
- Valid licenses must be obtained for any software used at home to avoid a breach of Software Licensing laws
- Ensure that adequate and up-to-date virus protection software is installed on any computers used at home
- Do not allow a laptop issued for business purposes to be used by family or friends
- Ensure that laptops are kept secure at all times, and protect access with a strong authentication mechanism
- Do not use the same computer for both business and personal use; or, where this is not possible, store company data on a separate disk with secure access and protection
- When connecting remotely to an office network, consider the use of a dial-back facility for added security, and always investigate the reason for failed access (your username may already be in use by an unauthorized person)
- Specifically protect all sensitive business documents stored on laptops or home computers
These are basic, almost policy, measures and should be considered the absolute minimum. It is therefore also recommended that a risk assessment be considered on a case-by-case basis.