Frequently Asked Questions (FAQ)

 

 

1. What are the components of network security?

- Documented policies, procedures, standards & guidelines (PPSG)

- Multi-layered (defense in depth) – router / firewall / encryption / endpoint security

- Patch management

- Physical / administrative / technical security

- Routine audits

 

2. In an organization, who does information security affect?

- Employees
- Shareholders / owners / partners
- Insurers
- Customers / clients
- Users

 

3. What are examples of “negligence” for a company?

- No policies, procedures, standards, or guidelines (PPSG)

- Improper data storage / transfer (no encryption)

- Non-compliance with regulatory statutes

- Improper patch management

- Improper antivirus / antispyware protection

- Improper firewall / router configuration

- Improper or no wireless encryption protection measures

 

4. What are the ramifications of security failures?

a. Non-legal liability

- Business interruption

- Data loss / data corruption

- Damage to public image / reputation

- Insurance premium increases

- Lost employee productivity

 

b. Direct legal liability

- Trade secrets – civil & criminal court ramifications

- Human resources – grounds to terminate employment

- Indemnity – inability to hold employees responsible for their actions / inactions

- Lawsuits covering improper disclosure of data

- Breach of contract

- Computer Fraud & Abuse Act – criminal hacking by employees

- CAN SPAM Act – illegal spamming by employees

- Regulatory compliance (OITPA, SOX, GLBA, HIPAA, FACTA, PCI, etc.)

 

c. Indirect legal liability

- Digital Millennium Copyright Act – copyright infringement / pirated software

- Aiding & abetting – network is used to attack another network

- Illegal storage – child pornography or other illegal material

 


Purchase online at: www.iSecurityPolicy.com 

 


 

 

Authored by a CISSP

 

 


This website is not affiliated with any local or state government. Users of this site are urged to seek legal counsel for how the Oregon Identity Theft Protection Act will affect their specific business operations.

 

Questions or problems regarding this web site should be directed to security@cogentlogik.com
Copyright © 2008 Cogent Logik, LLC. All rights reserved.