There are significant Information Security risks when you download any files (including graphics files of any format), programs, or scripts, etc., from the Internet.
- In the process of downloading applications (programs) from the Internet to your PC, you may receive a virus or other malicious code which infects your system. This can have extremely serious consequences.
  - Follow the on-screen instructions for downloading. When offered the choice between 'Run this program from its current location' and 'Save this program to disk', always choose 'Save this program to disk', then do the following:
    - Save the file to a temporary folder and, ideally, then move the file to a folder on a system which can then be isolated from your network.
    - Run an up-to-date virus and malicious code scan on the file.
    - If the file passes the scan, open / execute it away from the network in a secure area.
    - Re-file the original file and / or its contents in the desired folder on the required computer.
  - For files received by e-mail see 'Receiving e-mail'.
  - It is critical that staff are familiar with, and practise, anti-virus procedures. See Cyber Crime.
  - Be especially careful with 'shareware' / 'freeware' programs from the Internet. They are ideally suited to introducing 'Trojan horses' and other malicious code to your organisation.
- Downloaded software is likely to require licensing or you run the risk of legal action from the supplier. See Software Licensing.
  - Maintain a Software Inventory and ensure that all necessary licences are purchased.
  - Do not introduce software via the 'back door' of Internet downloads. Software should only be installed via agreed procedures.
- Information on the Internet may be inaccurate, invalid, or deliberately misleading, and any decisions based upon it must be subject to close scrutiny.
  - Take into account that information received through the Internet is not necessarily reliable.
  - Accept that such information may not only be incorrect, but may have been released in order to cause malicious damage or defraud.
  - Validate the sources of information and pay particular attention to its date; data on the Internet can be a number of years old and yet still claim to be 'new' / the latest etc.
- Abuse of your organisation's Internet access can overload your network and increase the risk of systems failure due to contention.
  - Your Information Security Policy concerning Using the Internet in an Acceptable Way and Downloading Files and Information from the Internet should be consulted.
  - Implement measures to monitor that such policy is being followed.
  - Where individuals continue to abuse Internet Access, disciplinary procedures may be required.