Security Policy Document: Global Distributions, Inc.
The purpose of this document is to establish key security parameters and guidelines for Global Distributions, Inc. (GDI) in order to protect the interests of the company and its clients.
These policies apply to all operations managed by GDI, including interactions and interfaces with client companies that are managed by GDI. All communication networks, database systems, and servers fall under the purview of this policy.
Definition of Sensitive Information
All information that could identify a client of GDI, monetary values of client goods or contracts, physical addresses of client goods or business locations, physical addresses of GDI company locations, any details of client-specific services rendered by GDI to clients, and any personally identifying information for any client or GDI personnel shall be considered sensitive information and treated as such. This designation applies to this policy document and to other documents, guidelines, and directives issued by GDI as they may be from time to time.
Rationale: This definition is necessary for simplifying further security policies and future guidelines. The definition of sensitive information is purposefully broad, as over-inclusion is far less problematic than under-inclusion.
3.1.2 Definition of GDI/GDI Client Personnel and Property
All movable items located on or within GDI buildings, grounds, and/or transportation vehicles (whether owned, leased, or contracted to GDI) as well as the buildings, grounds, and vehicles themselves shall be considered GDI property for the purposes of this document. All employees, contracted workers, and any other personnel with legitimate business-related tasks to perform on or with GDI property shall be considered GDI personnel for the purposes of this document. All physical items owned by GDI clients that GDI is in possession of, has contracted for possession of, is monitoring, or is in any other way connected to GDI services, shall be considered client property for the purposes of this document. All employees, contract workers, and other individuals with legitimate business tasks related to client property shall be considered GDI client personnel for the purposes of this document.
Rationale: This definition is necessary for simplifying, clarifying, and making explicit those properties and personnel included in this document's security policies.
3.1.3 Safety of Personnel and Property as Overriding Concerns
All GDI personnel are primarily tasked first with acting in a manner that ensures the safety of all personnel and other individuals, and second with acting in a manner that protects the property of GDI and GDI clients. No security policy in this document or any other shall supersede these primary tasks.
Rationale: Ensuring the security and safety of personnel and property must be central to overall security, as there are no company interests or security concerns without the personnel and property with which company operations are concerned.
3.1.4 General GDI Personnel Conduct
No GDI personnel shall engage in tasks, access information, or enter areas of GDI operation that are not directly pertinent to the performance of the tasks for which they are responsible and that they have been expressly authorized to perform. No deviations from this policy are allowed save in cases of emergency situations that cause threat to the safety of personnel or of GDI/GDI client property, and reviews shall be conducted following all such emergency exceptions.
Rationale: Limiting the scope of activities for all personnel to those they have been expressly authorized to perform limits the potential for security breaches, both purposeful and accidental, and also greatly simplifies and eases investigations carried out in the wake of potential security breaches.
3.2 INFORMATION SECURITY
3.2.1 Limitations on the Communication of Sensitive Information
No sensitive information shall be transmitted via any medium, including direct oral communication, without verifying the authorization of the receiving party(ies) to receive the sensitive information. Regular authorization verification of common GDI communication partners need not be obtained for every communication, so as to maintain practicality in daily operations; however, all non-GDI communication partners must be verified on a per-communication basis.
Rationale: Ensuring authorization for the receipt of sensitive information will help to ensure that sensitive information does not reach those who do not have a proper and legitimate use for this information. Stringent verification procedures will also limit incorrect assumptions of a legitimate need to communicate sensitive information.
3.2.2 Communication of Sensitive Information Using Physical Media
Sensitive information stored on physical media, including directly-readable media (e.g. ink and paper) as well as information stored electronically on physical media (e.g. computer disks) shall be transported only in sealed GDI-provided envelopes marked "confidential." This policy applies to inter-office industries and settings, and controlling this will greatly enhance information security.
3.2.6 Destruction of Communications Containing Sensitive Information
All communications sent or received that contain sensitive information shall be destroyed when they are no longer needed, provided that the information contained is first stored/verified to be stored in an appropriately controlled environment. Communications that must be kept for legitimate and authorized business purposes shall be properly encrypted (for electronic communications) or physically secured (for physical media) in a manner that ensures only authorized personnel will be able to access the communications and the sensitive information contained therein.
Rationale: The destruction and securing of communications that contain sensitive information limits the potential for unauthorized access of such information through carelessness and through willful security breaches.
3.3 PHYSICAL SECURITY
3.3.1 Security of GDI Grounds and Buildings
Access to all GDI grounds and buildings is limited to those GDI personnel whose specifically-assigned and authorized tasks require their presence in those specific buildings/grounds. All GDI personnel are tasked with the responsibility to immediately report any unauthorized presence on GDI grounds/property, and to monitor and report any suspicious activity by authorized GDI personnel.
Rationale: Tasking all GDI personnel with maintaining the security of GDI grounds and buildings decreases the risk of unauthorized access and/or activities, and will increase the speed with which such access/activity is responded to, limiting potential harm.
3.3.2 Security of Movable GDI and GDI Client Property
No GDI personnel shall move, touch, or in any way engage with GDI or GDI client movable property unless it is directly necessary for the completion of authorized duties. All GDI personnel are tasked with immediately reporting any unauthorized engagement with GDI and/or GDI client movable property.
Rationale: Again, limiting property engagement limits the potential for harm, and tasking all personnel with monitoring duties increases the speed with which unauthorized engagement will be noticed and responded to, while also serving as a deterrent.
3.3.3 Security of GDI Transportation Vehicles
No GDI personnel shall enter, operate, or otherwise engage with any GDI transportation vehicle unless such engagement is necessary for the completion of specifically authorized tasks. All GDI personnel are tasked with immediately reporting any unauthorized engagement with GDI transportation vehicles.
Rationale: Not only is direct security of GDI/GDI client property better protected through limited access to transportation vehicles, but GDI's liability is greatly reduced by reducing the number of those who have authorized access to transportation vehicles.
3.3.4 Handling of…