Thursday, 14 April 2016

Organization of Information Security Part 3

Mobile Computing and Teleworking

Policies for use of mobile computing devices and work in off-site settings (“tele-work”)  for software company in india should aim for information security commensurate with that for work in on-site settings and for non-mobile devices, where operationally and technically feasible.

Mobile computing and tele-working controls

Controls should be implemented that are in proportion with settings of mobile/tele-working use, the types of users and sensitivity of the data and applications being accessed from mobile/tele-working settings.


Controls on mobile computing and tele-working should extend to any non-traditional or extra-institutional work setting where the information of the organization is accessed. Controls on following could be included:
• "Smart" phone-PDAs and mobile phones
• Desktop computers used off-premises
• Media and portable storage devices 
• Any other type of component capable of displaying, using, transmitting and storing the information of the organization.
• Notebook, palmtop computers and laptop

Portable devices and media controls

Appropriate security measures should be required for mobile computing and communications activities for software companies india.  Following Guidelines and/or requirements could be included:
• Regular data backups for stored sensitive data
• Physical security measures
• Prohibition or minimization of data storage on devices in off-premises locations or mobile devices, particularly sensitive data
• Secure communication methods for transmitted data such as Virtual Private Network
• Updates for operating system and other software updating
• Independent validation of appropriate device configuration
• Access control and  appropriate user authentication (biometric-based) 
• Cryptographic methods for sensitive data
• Protective software such as anti-virus and others

Controls against malicious mobile code

Proper controls should be implemented for response, detection and prevention to mobile versions of malicious code also including appropriate user awareness.

Tele-working controls

Appropriate security measures should be required for "tele-working" activities.  Following could be included:
• Policies regarding organizational property used at the site (e.g., organization’s software and hardware)
• Environmental and physical security measures
• Policies concerning safety of private property used at the site 
• Appropriate user access control and authentication, given reasonably anticipated threats from other users at the site
• Security measures for wireless and wired network configurations at the site
• Specification of financial responsibility for equipment replacement or repair and Insurance coverage.
• Cryptographic techniques for communications from/to the site and data storage
• Data backup at regular intervals and security measures for those backup copies
• Intellectual property  policies created or used at the site which includes software licensing

3. Teleworking and Mobile Working
Courtesy: Sanika Taori

No comments:

Post a Comment