Free Essay

Security Standards Are Security Rules Applicable to the Defined Area Related to the Subject

In: Other Topics

Submitted By jrkatt
Words 301
Pages 2
Security standards are security rules applicable to the defined area related to the subject. All departments in our offices are responsible for information security. This report is only for the internal use side of our network. For routine operational information that is not widely available to the public, requires no special measures to protect. This could be things such as correspondences, internal phone directories, or inter-office memoranda. All internal documents should have the bottom of the page labeled “Internal Use Only” regardless of whether printed, stored, or transmitted. Transmissions by spoken word such as answering machines, voicemail, phones, cellular devices, and conversations. Should have reasonable precautions taken to ensure there is no inadvertent disclosure of information. Transmissions by fax, are located in areas no accessible to general public. Transmissions to printers are also kept in locations not accessible to general public and user need reasonable care in printer location selection. Internal transmissions like emails do not need any special handling but again users need to take care with what they are sending to who. Displays and any other media is to be removed or stored out of the sight of non-employees as well all screens faced to where the public cannot see them. Destructed of paper is to be shredded and any media containing hardware incinerated. Workstations and servers are to be password protected and screen saves set to low time limits, and must be located in secured areas with limited access based on job functions. Access control is generally available to all staff on a need-to-know basis with a balanced single point of failure and password access control guidance. Backups should be kept in a secured location and tested regularly to ensure reliability. All users are responsible for their own level of knowledge and security.

Similar Documents

Free Essay

Time

...Health Insurance Portability and Accountability Act Compliance Guide US Department of Health and Human Services Information Security Program Health Insurance Portability and Accountability Act (HIPAA) Compliance Guide September 14, 2005 Page i Health Insurance Portability and Accountability Act Compliance Guide US Department of Health and Human Services Table of Contents Table of Contents .......................................................................................... i Preface.........................................................................................................iii Document Change History ............................................................................iv 1. Introduction ....................................................................................... 1 1.1 1.2 1.3 1.4 2. 2.1 Purpose ........................................................................................... 1 Background...................................................................................... 1 Scope.............................................................................................. 2 Document Organization ..................................................................... 4 HIPAA Administrative Simplification Requirements ........................... 5 General Overview ............................................................................. 5 2.1.1 HIPAA Administrative Simplification Goals and Objectives ............. 5...

Words: 12363 - Pages: 50

Premium Essay

What the Heck

...2015 International Compendium of Data Privacy Laws COUNTRY BY REGION Australia Australia................................................................................................................................. 6 Central Asia China (People’s Republic) .................................................................................................. 37 Hong Kong........................................................................................................................... 78 India..................................................................................................................................... 88 Japan................................................................................................................................. 106 South Korea....................................................................................................................... 149 Taiwan ............................................................................................................................... 157 Central America Bahamas ............................................................................................................................. 16 Costa Rica ........................................................................................................................... 43 Trinidad and Tobago.......................................................................................................... 160 Europe Austria .............

Words: 64291 - Pages: 258

Premium Essay

Networking Agreement

...________________________ , a financial institution (“FI”) and Securities America, Inc. (“SAI”) and Securities America Advisors, Inc. (“SAA”) (collectively SAI and SAA shall be referred to as “Securities America”). FI and Securities America shall be collectively referred to as the “Parties”. WHEREAS, FI (which term shall include FI’s affiliates) is engaged in the business of commercial and consumer deposit taking and the provision of related financial services to their customers; WHEREAS, FI is interested in providing its customers and the public with access to securities brokerage services, insurance products and advisory services to be provided by a third party (the “Financial Services”); WHEREAS, SAI is a registered broker/dealer and insurance agency engaged in the business of offering, distributing and trading securities (“Brokerage Services”) and insurance products (“Insurance Services”) and SAA is a federally registered investment advisor in the business of providing advisory services (“Advisory Services”) through registered principals and representatives who are engaged by Securities America as independent contractors (a “Securities America Registered Representative” or, collectively, the “Securities America Representatives”); WHEREAS, FI is interested in having Securities America operate one or more Branch Offices under a Registered Representative’s supervision on FI premises; and WHEREAS, Securities America is willing to allow one or more Registered...

Words: 6739 - Pages: 27

Premium Essay

Elves Make the Best Sweater Makers

...IX of the Dodd-Frank Act PUBLIC LAW 107–204—JULY 30, 2002 116 STAT. 745 Public Law 107–204 107th Congress An Act To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. July 30, 2002 [H.R. 3763] Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, Sarbanes-Oxley SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the ‘‘SarbanesOxley Act of 2002’’. (b) TABLE OF CONTENTS.—The table of contents for this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Definitions. Sec. 3. Commission rules and enforcement. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. TITLE I—PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD 101. Establishment; administrative provisions. 102. Registration with the Board. 103. Auditing, quality control, and independence standards and rules. 104. Inspections of registered public accounting firms. 105. Investigations and disciplinary proceedings. 106. Foreign public accounting firms. 107. Commission oversight of the Board. 108. Accounting standards. 109. Funding. 201. 202. 203. 204. 205. 206. 207. 208. 209. 301. 302. 303. 304. 305. 306. 307. 308. TITLE II—AUDITOR INDEPENDENCE Services outside the scope of practice of auditors. Preapproval requirements. Audit partner rotation...

Words: 32556 - Pages: 131

Premium Essay

Assay

...PUBLIC LAW 107–204—JULY 30, 2002 116 STAT. 745 Public Law 107–204 107th Congress An Act To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes. July 30, 2002 [H.R. 3763] Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, Sarbanes-Oxley SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the ‘‘SarbanesOxley Act of 2002’’. (b) TABLE OF CONTENTS.—The table of contents for this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Definitions. Sec. 3. Commission rules and enforcement. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. Sec. TITLE I—PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD 101. Establishment; administrative provisions. 102. Registration with the Board. 103. Auditing, quality control, and independence standards and rules. 104. Inspections of registered public accounting firms. 105. Investigations and disciplinary proceedings. 106. Foreign public accounting firms. 107. Commission oversight of the Board. 108. Accounting standards. 109. Funding. 201. 202. 203. 204. 205. 206. 207. 208. 209. 301. 302. 303. 304. 305. 306. 307. 308. TITLE II—AUDITOR INDEPENDENCE Services outside the scope of practice of auditors. Preapproval requirements. Audit partner rotation. Auditor reports to audit committees...

Words: 32510 - Pages: 131

Premium Essay

Tech

...5-6 Procedure………………………………………………….6 Policy……………….………………………………….….6-9 Policy 1: Information Systems Policy..…..10-13 Policy 2: Security of Laptop…………………..14-16 Policy 3: Clean Desk policy…….……………..17-18 Policy 4: Workstation Policy………………………19 Policy 6: Email Policy………………………..….20-21 Policy 7: Personnel policy………………….…22-23 Policy 9: Data Breach Policy………………...24-27 Policy 10: Software policy………………………29-31 Policy 11: Data and information classification……32 Policy 12: Internal Treats…………………………………….33 Policy 13: Policies and Procedures for Electronic Protected Health Information (ePHI) and Personally Identifiable Information (PII)...34-35 Policy 14: Wireless LAN Security Policy……………………..36 IS security Awareness policy…………………………………..37-38 Conclusion……………………………………………………………………39 References……………………………………………………………………40 Overview: DSA contractors has been awarded a contract with the Department of Defense. Our next task is to revamp the companies’ policy to ensure compliance with DOD policy. All employees have to be retrained on new policy to ensure that DSA medicate violations. The attitudes and atmosphere of change will also be needed to ensure compliance with DOD standards. Training sessions is scheduled for all employees and a policy handbook will be given to the each employee as references at the end of training. The security officer and his staff or human resources can be contacted for further clarification on any policy. Purpose: There are many policies...

Words: 9781 - Pages: 40

Free Essay

Scope of Service

...[pic] STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION REQUEST FOR PROPOSALS FOR INFORMATION SECURITY ASSESSMENT SERVICES (ISAS) RFP NUMBER: 427.04-107-08 |CONTENTS | |SECTION | | |1 |INTRODUCTION……………………………………………………………………………….3 | |2 |RFP SCHEDULE OF EVENTS………………………………………………………………..................................6 | |3 |PROPOSAL REQUIREMENTS………………………………………………………………7 | |4 |GENERAL REQUIREMENTS & CONTRACTING INFORMATION………………….…..9 | |5 |PROPOSAL EVALUATION & CONTRACT AWARD…………………………………....13 | | | |RFP ATTACHMENTS: | | ...

Words: 40549 - Pages: 163

Premium Essay

Corporate

...34 | Revival and rehabilitation of sick companies 36 | Corporate social responsibility 38 | Implications on private companies 40 | Other areas 44 | Sections notified till date and circulars or orders issued Foreword The long-awaited Companies Bill 2013 got its assent in the Lok Sabha on 18 December 2012 and in the Rajya Sabha on 8 August 2013. After having obtained the assent of the President of India on 29 August 2013, it has now become the much awaited Companies Act, 2013 (2013 Act). An attempt has been made to reduce the content of the substantive portion of the related law in the Companies Act, 2013 as compared to the Companies Act, 1956 (1956 Act). In the process, much of the aforesaid content has been left, ‘to be prescribed’, in the Rules (340+) which are yet to be finalised and notified. As of the date of this publication, 99 sections have been notified and a few circulars have been issued clarifying the applicability of these. We are pleased to bring you our new publication, Companies Act, 2013: Key highlights and analysis. This publication brings out the significant changes proposed by the 2013 Act as compared to the 1956 Act and our initial analysis thereon. It is pertinent to note that for the complete understanding of the implications of various sections of the 2013 Act, the related Rules will need to be read with. These Rules have been opened for public comments and consultation in tranches and are expected to be notified thereafter by the end of this fiscal year...

Words: 22714 - Pages: 91

Premium Essay

Department of Defense (Dod) Ready

...Department of Defense (DoD) Ready The task is establish security policies for my firm of approximately 390 employees and make them Department of Defense (DoD) compliant. To achieve this goal, a list of compliance laws must be compiled to make sure we me the standard. I will outline the controls placed on the computing devices that are being utilized by company employees. I will develop a plan for implementation of the new security policy. The task of creating a security policy to make my firm DoD complaint starts with knowing what laws to become complaint with. There an array of laws to adhere to, but I have listed the majors laws that the firm must comply with. The following is a list of laws that the firm must become complaint with Defense Federal Acquisition Regulation Supplement (DFARS). The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a significant effect on the public (DPAP, 2014). The following is a list of standards for handling unclassified DoD information retrieved from Hogan Lovells website (2016). • prohibiting the posting of any DOD information on websites unless they are restricted to users that provide user ID/password, digital certificate, or similar credentials • using the “best level of security and privacy available” for transmissions of any DOD information transmitted via email, text messaging, and similar technologies; • transmitting...

Words: 2282 - Pages: 10

Premium Essay

Essays

...November 13, 2009 Part III Environmental Protection Agency 40 CFR Part 112 Oil Pollution Prevention; Spill Prevention, Control, and Countermeasure (SPCC) Rule—Amendments; Final Rule wreier-aviles on DSKGBLS3C1PROD with RULES3 VerDate Nov2008 14:49 Nov 12, 2009 Jkt 220001 PO 00000 Frm 00001 Fmt 4717 Sfmt 4717 E:\FR\FM\13NOR3.SGM 13NOR3 58784 Federal Register / Vol. 74, No. 218 / Friday, November 13, 2009 / Rules and Regulations copy. Publicly available docket materials are available either electronically at http:// www.regulations.gov or in hard copy at the EPA Docket, EPA/DC, EPA West, Room 3334, 1301 Constitution Ave., NW., Washington, DC. The Public Reading Room is open from 8:30 a.m. to 4:30 p.m., Monday through Friday, excluding legal holidays. The telephone number of the Public Reading Room is 202–566–1744, and the telephone number to make an appointment to view the docket is 202–566–0276. FOR FURTHER INFORMATION CONTACT: For general information, contact the Superfund, TRI, EPCRA, RMP, and Oil Information Center at 800–424–9346 or TDD at 800–553–7672 (hearing impaired). In the Washington, DC metropolitan area, contact the Superfund, TRI, EPCRA, RMP, and Oil Information Center at 703–412–9810 or TDD 703–412–3323. For more detailed information on specific aspects of this final rule, contact either Vanessa E. Principe at 202–564–7913 (principe.vanessa@epa.gov), or Mark W. Howard at 202–564–1964 (howard.markw@epa.gov), U.S. Environmental...

Words: 32117 - Pages: 129

Premium Essay

Letter

...EXECUTIVE COMPENSATION DISCLOSURE HANDBOOK: A Practical Guide to the SEC’s Executive Compensation Disclosure Rules Perkins Coie LLP Danielle Benderly Susan Daley Iveth Durbin Sue Morgan Kelly Reinholdtsen Executive Compensation Disclosure Handbook: A Practical Guide to the SEC’s Executive Compensation Disclosure Rules REVISED MAY 2010 Danielle Benderly Susan Daley Iveth Durbin Sue Morgan Kelly Reinholdtsen RR DONNELLEY Copyright RR Donnelley, 2010 (No claim to original U.S. Government works) All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the authors and publisher. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of a professional should be sought. Printed in the United States of America. RR DONNELLEY About RR Donnelley Financial Services Group As the world’s largest provider of integrated communications, RR Donnelley successfully leverages our global platform, industry leading service organization and enduring financial stability to help our clients achieve their goals. With over 145 years of...

Words: 158516 - Pages: 635

Premium Essay

Integrated Distributors Incorporated (Idi), a Publically Traded Company, Has Its Home Office Located in Billings, Montana. Idi Has More Than 4000 Employees in the Following Locations:

...[pic] Incident Response Plan Template for Breach of Personal Information Notice to Readers Acknowledgments Introduction Incident Response Plan Incident Response Team Incident Response Team Members Incident Response Team Roles and Responsibilities Incident Response Team Notification Types of Incidents Breach of Personal Information – Overview Definitions of a Security Breach Requirements Data Owner Responsibilities Location Manager Responsibilities When Notification Is Required Incident Response – Breach of Personal Information Information Technology Operations Center Chief Information Security Officer Customer Database Owners Online Sales Department Credit Payment Systems Legal Human Resources Network Architecture Public Relations Location Manager Appendix A MasterCard Specific Steps Visa U.S.A. Specific Steps Discover Card Specific Steps American Express Specific Steps Appendix B California Civil Code 1798.82 (Senate Bill 1386) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Gramm-Leach-Bliley Act (GLBA) Appendix C Escalation Members (VP Level of Management) Auxiliary Members (as needed) External Contacts (as needed) Notification Order Escalation Member Notification List Notice to Readers Incident Response Plan – Template for Breach of Personal Information does not represent an official position of the American Institute...

Words: 8476 - Pages: 34

Free Essay

Bala

...ž¸¸£·¸ú¡¸ ¹£{¸¨¸Ä ¤¸ÿˆÅ ____________RESERVE BANK OF INDIA________________ www.rbi.org.in RBI/2013-14/70 DBOD.No.BP.BC.2 /21.06.201/2013-14 July 1, 2013 All Scheduled Commercial Banks (Excluding Local Area Banks and Regional Rural Banks) Madam / Sir, Master Circular – Basel III Capital Regulations Please refer to the Master Circular No.DBOD.BP.BC.16/21.06.001/2012-13 dated July 2, 2012, consolidating therein the prudential guidelines issued to banks till that date on Capital Adequacy and Market Discipline - New Capital Adequacy Framework (NCAF). 2. As you are aware, Basel III Capital Regulations is being implemented in India with effect from April 1, 2013 in a phased manner. Accordingly, instructions contained in the aforesaid Master Circular have been suitably updated / amended by incorporating relevant guidelines, issued up to June 30, 2013 and is being issued as Master Circular on ‘Basel III Capital Regulations’. 3. The Basel II guidelines as contained in the Master Circular DBOD.No.BP.BC.9/21.06.001/2013-14 dated July 1, 2013 on ‘Prudential Guidelines on Capital Adequacy and Market Discipline- New Capital Adequacy Framework (NCAF)’ may, however, be referred to during the Basel III transition period for regulatory adjustments / deductions up to March 31, 2017. Yours faithfully, (Chandan Sinha) Principal Chief General Manager Encl.: As above Department of Banking Operations and Development, Central Office, 12th Floor, Central Office Building, SBS Marg...

Words: 72826 - Pages: 292

Free Essay

Code of Conduct Comparison

...Topic |   | Item |   | | GlaxoSmithkline Consumer Healthcare Ltd. | | Conduct on Behalf of the firms | 1 | Relations with Home Govt | It is the Company’s policy to comply fully with all applicable laws and regulations governing contact and dealings with government employees and public officials, and to adhere to high ethical, moral and legal standards of business conduct. This policy includes strict compliance with all local, state, federal, foreign and other applicable laws, rules and regulations. If you have any questions concerning government relations, contact the Company’s Legal Department at Complianceandethics@infosys.com. | GSK employees must ensure that dealings with Government Officials are carried out according to the highest standards of integrity required for all GSK business and in compliance with all relevant laws and regulations. | How should the top management behave with respect to ….. | 2 | Relations with Customers | Customer Relationships If your job requires interfacing or contacting any Company customers or potential customers, it is critical to remember that you represent the Company to the people with whom you are dealing. Act in a manner that creates value for our customers and help build a relationship based upon trust. The Company and its employees have provided services for many years and have built up significant goodwill over the years. This goodwill is one of our most important assets, and you must act to preserve and enhance our...

Words: 12565 - Pages: 51

Free Essay

E Procurment

...STQC Directorate   Department of Information Technology,  Ministry of Communications & Information Technology,  Electronics Niketan, 6 CGO Complex, Lodhi Road,  New Delhi – 110003          Dt: 31.08.2011   CONTENTS    1.0   2.0   3.0   4.0   5.0 Specific requirements of eProcurement System  Requirements of Conformity  Operating Models of eProcurement System  Introduction  Testing framework for Quality and Security Characteristics    6.0     Evaluation & Certification process    Annexures    Annexure‐I        :  Risks of eProcurement Systems and related ISO 27001 controls  Annexure‐II         : Checklist for eSecurity Compliance (including CVC Guidelines)  Annexure‐III          : Checklist for compliance to GOI procurement procedures (GFR)  Annexure‐IV          : Checklist for legal compliance (IT Act – Amendment 2008)  Annexure‐V        :  Definitions and Reference Documents    Reference documents:    1. eTendering Process  2. eTendering Glossary  3. eProcurement Integrity Matrix   4. OWASP (Open Web Application Security Project) Top10 Application Security Risks‐ 2010  5. Business requirements specification‐ cross industry  e‐Tendering process (Source  CWA 15666)    Forms & Templates:  Template I                : Template for defining Usability Requirements Specifications of     the Software product  Template II               : Template for Performance Specification  Form I                        : Application form for applying for Testing to STQC    2   1.0  ...

Words: 32035 - Pages: 129