Archive for the ‘IT Policy’ Category

Mobile Workers Security


2010.06.22

The increasing importance of mobile workers in today’s businesses has been acknowledged. The mobile worker population is split into three main segments: home-based mobile workers, office-based mobile workers and non-office-based mobile workers.

Organisations should develop a proactive policy and strategy that embraces new ideas and methods to create a secure mobile workplace. “Secure mobility” is typically defined as the ability to provide employees and customers with secure “anytime, anywhere, any device” access to the corporate network.

One typical security problem that remote users may encounter is the transfer of viruses or other malware via memory cards or sync connections from infected mobile devices to laptops. Then, when infected laptops plug into a corporate network, there is the potential of further infection of internal corporate resources, possibly causing substantial damage to valuable and sensitive information. However, this is not the only security problem affecting mobile devices. The loss of data privacy that can result from a misplaced, stolen, or improperly used phone can also severely compromise corporate information.

Educate employees to use only devices that are provided by the company. There are technologies to prevent unauthorised access to the network. For example, Network Admission Control (NAC) enforces policy for remote devices connecting to the corporate network, and wireless detection technology installed on your wireless networks monitors for unauthorised wireless users and the deployment of rogue access points.

There are technologies to prevent compromise of the endpoint: client security software, host-based intrusion detection/prevention software (IDS/IPS), and anti-spyware. There are technologies to prevent information loss, data loss or exposure of information: data encryption, and information/data leak prevention (ILP/DLP) software. Monitor compliance with your organisation’s mobile policy.

Benefits of Mobile workers:-
1. Improved employee productivity.
2. Eliminating traditional work boundaries and creating a more flexible workspace.
3. Improved client interactions.

Secure Mobile Devices


2010.06.01

The use of mobile devices is increasing day by day in the corporate world. Handhelds and high-end smart phones are carrying corporate information. The trend is increasing, and that is where the future lies.

In particular, smart phones are becoming increasingly popular with knowledge workers. A number of companies are providing devices to mobile workers and executives for use both inside and outside the office. Companies are also supporting connectivity for devices that individuals buy for their own use.

Initially, companies used mobile devices for e-mail access; an increasing number of organizations are now taking the next step, extending access to data in core corporate applications such as ERP, CRM and banking.

Steps to Secure Mobile Devices:-
1. Educate users on the importance of securing mobile devices and on ways to avoid losing a device. Do not leave a device unattended or open to access by anyone.
2. Ensure mobile devices have a password set.
3. Install a mobile management system to enforce data security and policies.
4. Control data download and access on different networks.
5. Encrypt corporate data depending on its sensitivity.
6. Virus protection on mobile devices.
7. Enable lockdown if the device is lost, and automatically wipe the data stored in its memory.
8. Log access to sensitive information.
9. Keep a proper register of devices allocated to employees and their access.
10. Periodic audit of mobile device access.

Information Security Policy


2010.02.24

An Information Security Policy is basically a plan, outlining what the company’s critical assets are, and how they must (and can) be protected. Its main purpose is to provide staff with a brief overview of the “acceptable use” of any of the Information Assets, as well as to explain what is deemed allowable and what is not, thus engaging them in securing the company’s critical systems.

The document acts as a “must read” source of information for everyone who uses, in any way, systems and resources defined as potential targets. A good, well-developed security policy should address some of the following elements:

-How sensitive information must be handled.
-How to properly maintain your ID(s) and password(s), as well as any other accounting data.
-How to respond to a potential security incident, intrusion attempt, etc.
-How to use workstations and Internet connectivity in a secure manner.
-How to properly use the corporate e-mail system.

Basically, the main reason behind the creation of a security policy is to set a company’s information security foundations, to explain to staff how they are responsible for the protection of the information resources, and highlight the importance of having secured communications while doing business online.

Some of the Information Security Policy categories:-

• Physical / Desktop Security / Laptop Security
• Internet Access
• Virus Protection
• Data Centre Access
• Software Installation
• Removable Media
• Encryption
• Backups
• Maintenance
• Incident Handling
• Web Browsing
• E-mail Use
• Instant Messaging Applications
• Downloading
• Intrusion Detection
• Acceptable Use