Controlling Network Security Information

Controlling network security information includes:

  • applying prudent business practices similar to earlier manual systems (prior to IT)
  • careful definition of individual responsibilities
  • separation of controls
  • maintenance of audit trails
  • protection of vital records
  • access to information limited, based on "need-to-know"

The actual recipe consists of just two fundamental ingredients: IT Policy and Information Security Awareness.

IT Policy and Network Security Information

Let's take a look at the first ingredient: IT Policy. We base IT Policy on a triangle whose three sides are Information Security, Business Continuity, and IT Compliance. Each of these sides breaks down as follows:

The Information Security leg consists of confidentiality and integrity. Confidentiality ensures that company / customer information is not disclosed to anyone not authorized to access it. Linked to this concept is the idea of need-to-know, authorizing access only to those who can demonstrate a legitimate business need for the information. Integrity ensures that information cannot be accidentally or intentionally modified or destroyed.

The Business Continuity leg consists of mitigation, crisis management, and contingency management.

  1. Mitigation deals with reducing or eliminating risks.
  2. Crisis management deals with the planning and training of people for the survival of the business team and the business entity following a disaster.
  3. Contingency management deals with planning for the recovery and continuation of critical internal and customer business functions following a service interruption, and the testing of business recovery plans.

Finally, the IT Compliance leg consists of practices that do not fall within the scope of the other two legs. This includes adherence to the laws and ethics that govern us, e.g., copyright infringement, software licensing, export compliance, etc.

Auditors look for these controls, laws, and / or ethics principles. IT Compliance means passing a stringent audit because the business controls and protects network security information and does not violate any laws.

A published high-level IT Policy must touch on each of these major components for the security policy of the IT environment to be all-encompassing. Following the high-level definition, you need statements that address the requirements in detail (how the organization accomplishes the high-level definition).

Finally, to make it all happen, you need to implement controls, standards, procedures, and mechanisms to support the policy.

Information Security Awareness

The second ingredient of controlling network security information is implementing Information Security Awareness.

As a primary corporate obligation, companies must protect corporate information and customer information.

Every employee must understand the corporation's concern with network security information. It is management's responsibility to ensure that all personnel are made aware of pertinent practices, and the requirement to understand and heed them.

Both federal and state regulations exist, which relate to control of, and authorized access to, information and computer resources:

  • The Foreign Corrupt Practices Act (FCPA) of 1977 made most corporate managers and directors personally liable for assuring that "transactions are properly authorized, transactions are properly recorded, and access to assets is properly controlled". The Act also requires management to provide shareholders with reasonable assurances that accurate books and records are properly maintained, and that the business is adequately controlled.
  • The Copyright Act of 1976 reaffirmed that computer programs and software are protected under the Federal Copyright Law. One must read and understand licensing agreements before attempting to make copies of programs or documentation.
  • All of the United States have enacted Computer Crime Laws which establish specific penalties for unauthorized persons attempting to access a computer system, or assisting someone in gaining unauthorized access to a computer system.

Quality Assurance Solutions
Robert Broughton
(805) 419-3344
USA