Information Technology Reference
In-Depth Information
Table 8.3 Operations Security Guidelines

| Rule | Description |
|---|---|
| Enforce security policies. | The security policies establish rules for organizational activity and use of information and information technology. Create awareness of policy, enforce policy with IA mechanisms, and sanction violators appropriately. |
| Be malware aware. | Every electronic file is a potential carrier of malware, and every network connection a potential pathway for malware. Check files upon entry to the organizational information technology environment. |
| Be generally aware. | Protect confidential information and information technology. Understand what constitutes suspicious or anomalous behavior. Learn how to report it within the organization. |
| Knowledge work products are organizational assets. | Knowledge workers produce organizational assets in the form of documents. Store these documents on accessible servers that are part of the backup process. Do not store documents only on an individual PC. |
| A core IA principle is possession. | Theft of information or an information technology asset results in loss of the value of the asset, but more importantly, loss of what that asset does or contains may be many factors greater than the value of the asset. Protect IT assets against theft. |
| Passwords | Do not underestimate the power of using passwords. Follow standards for strong passwords as befits the environment. Treat passwords like a toothbrush—do not share them and change them every three months. |
| Authorized software only | Do not introduce unauthorized software into the IT environment. Free downloads may not have a price, but they have a high potential cost in loss of productivity (games) and loss of proprietary information (spyware). |
Continued
 