Transferring and Exchanging Data

The way in which your data is distributed across networks (both public and private) and by other means, e.g. the exchange of tapes, disks, diskettes and optical disks (such as CD-ROMs).


  • Incorrect data released to outside parties can lead to a loss of confidence in the organisation and / or its services.

  • Develop procedures to ensure that only the appropriate information is made available, or sent to, external parties and clients.
  • Verify the integrity of appropriate categories of data prior to transmission; for instance, data classified as 'Highly Confidential' or 'Proprietary' may require specific authorisation.
  • Any illegal amendment of / tampering with your data whilst in transit suggests a weakness that is being exploited by techno-criminals / hackers.

  • Your networks must prevent unauthorised and illegal access to your computer resources.
  • Ensure that the opportunities for physical intrusion are reduced as far as is practical.
  • Consider the encryption of sensitive data to thwart a possible attempt at sniffing the data packets as they pass between different nodes on the network.
  • Always discourage opportunistic access attempts by password protecting files prior to transmission. If the recipient does not have the password (which could be agreed in advance), advise them of it by alternative means.
  • Where security measures have not been adequately deployed, sensitive information may be accessed by unauthorised persons.

  • Confidential data may be distributed to inappropriate / unauthorised persons.

  • Based upon the sensitivity of the information, you must define what information may be distributed and to whom. See Classifying Information and Data.
  • Wherever possible, your applications software and the operating system's controls should support and enforce the controls required.
  • For highly sensitive data, you may consider the use of encryption, thus safeguarding the contents of data files from all except those with the authorised (digital) keys. See Using Encryption Techniques.
  • The recipient of your data may have adopted Information Security standards which are incompatible with yours. This constitutes a weak link in your security which could be exploited.

  • Where information is to be transmitted to another organisation it is essential that their Information Security safeguards are at least complementary to yours.
  • It is prudent to agree and sign a mutual Non-Disclosure Agreement to demonstrate to third parties your organisation's commitment to Information Security.
  • To preserve the integrity of the original information, ensure that any copies which are subsequently transmitted are prefaced with storage, distribution, duplication and retention instructions.
  • The inappropriate and possibly illegal release of information may result in legal action and prosecution.

  • Comply with the relevant legislation by ensuring that your staff are not only aware of their responsibilities, but that adequate procedures and possibly technical controls are in place to enforce it. See Being Aware of Legal Obligations.

Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement