Mobile Computing and Teleworking
Policies for use of mobile computing devices and work in off-site settings (“tele-work”) for asp.net software company in india should aim for information security commensurate with that for work in on-site settings and for non-mobile devices, where operationally and technically feasible.Mobile computing and tele-working controls
Controls should be implemented that are in proportion with settings of mobile/tele-working use, the types of users and sensitivity of the data and applications being accessed from mobile/tele-working settings.Applicability
Controls on mobile computing and tele-working should extend to any non-traditional or extra-institutional work setting where the information of the organization is accessed. Controls on following could be included:• "Smart" phone-PDAs and mobile phones
• Desktop computers used off-premises
• Media and portable storage devices
• Any other type of component capable of displaying, using, transmitting and storing the information of the organization.
• Notebook, palmtop computers and laptop
Portable devices and media controls
Appropriate security measures should be required for mobile computing and communications activities for asp.net software companies india. Following Guidelines and/or requirements could be included:• Regular data backups for stored sensitive data
• Physical security measures
• Prohibition or minimization of data storage on devices in off-premises locations or mobile devices, particularly sensitive data
• Secure communication methods for transmitted data such as Virtual Private Network
• Updates for operating system and other software updating
• Independent validation of appropriate device configuration
• Access control and appropriate user authentication (biometric-based)
• Cryptographic methods for sensitive data
• Protective software such as anti-virus and others
Controls against malicious mobile code
Proper controls should be implemented for response, detection and prevention to mobile versions of malicious code also including appropriate user awareness.Tele-working controls
Appropriate security measures should be required for "tele-working" activities. Following could be included:• Policies regarding organizational property used at the site (e.g., organization’s software and hardware)
• Environmental and physical security measures
• Policies concerning safety of private property used at the site
• Appropriate user access control and authentication, given reasonably anticipated threats from other users at the site
• Security measures for wireless and wired network configurations at the site
• Specification of financial responsibility for equipment replacement or repair and Insurance coverage.
• Cryptographic techniques for communications from/to the site and data storage
• Data backup at regular intervals and security measures for those backup copies
• Intellectual property policies created or used at the site which includes software licensing
References:
3. Teleworking and Mobile Working Procedures--www.derbyshire.gov.uk
Courtesy: Sanika Taori
No comments:
Post a Comment