One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 3516936 |
| Date de publication | 2021-10-15 12:40:00 (vue: 2021-10-15 00:05:29) |
| Titre | Topic-specific policy 4/11: information transfer |
| Texte |  "Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". Depending on the context and the reader's understanding, it might mean or imply a security policy concerning:Any passage of information between any two or more end points - network datacommunications, for instance, sending someone a letter, speaking to them or drawing them a picture, body language, discussing business or personal matters, voyeurism, surveillance and spying etc.One way flows or a mutual, bilateral or multilateral exchange of information.Formal business reporting between the organisation and some third party, such as the external auditors, stockholders, banks or authorities.Discrete batch-mode data transfers (e.g. sending backup or archival tapes to a safe store, or updating secret keys in distributed hardware security modules), routine/regular/frequent transfers (e.g. strings of network packets), sporadic/exceptional/one-off transfers (e.g. subject access requests for personal information) or whatever. Transmission of information through broadcasting, training and awareness activities, reporting, policies, documentation, seminars, publications, blogs etc., plus its reception and comprehension. Internal communications within the organisation, for example between different business units, departments, teams and/or individuals, or between layers in the management hierarchy."Official"/mandatory, formalised disclosures to authorities or other third parties.Informal/unintended or formal/intentional communications that reveal or disclose sensitive information (raising confidentiality concerns) or critical information (with integrity and availability aspects). Formal provision of valuable information, for instance when a client discusses a case with a lawyer, accountant, auditor or some other professional. Legal transfer of information ownership, copyright etc. between parties, for example when a company takes over another or licenses its intellectual property.Again there are contextual ramifications. The nature and importance of information transfers differ between, say, hospitals and health service providers, consultants and their clients, social media companies and their customers, and battalion HQ with operating units out in the field. There is a common factor, however, namely information risk. The in |
| Envoyé | Oui |
| Condensat | information additional high if internal once relationship significant antivirus conversation for formal legal particular regular regularly sending to transmission /mandatory 27001 27002 4/11: ; a ; digital ; encryption ; explicit ; procedures ; prohibition ; technical ; trust >information >the acceptable access accompanying account accountable accountant achieve achieved actively activities actual adaptation:background adequate advise advisors again against agreed agreement agreements algorithms all already also although ambiguous analysis and/or annually another any applicable applies approach appropriate archival are arrangements aspects asserted assess assessed assessing assessment asset assets assignment assist associated attempts audit auditor auditors authentication authorities authority availability avoidance awareness axioms backup banks batch battalion been before being best between beyond bilateral binding block blog blogs body both breach; various breaches broadcasting business business/commercial but can care case certain certainly certified changes checks circumstances clarify clauses cleared client clients come commercial commitments common commonplace communicate communicating communication communications companies company competent compliance comprehension concerning:any concerns conditions conducting confidence confidentiality confirmed connections consideration consultant consultants context contextual contracts contractual controls copyright corporate corresponding corruption cost countries course cover covering critical cryptographic customers data datacommunications days dealing delayed departments depend depending design detailed determine determined differ different digests disaster disclose disclosure disclosures discrete discussed discusses discussing disk; automated distributed document documentation donor drafted drafting drawing during each education effective either email emails embedded employees encryption end endif episode established etc even eventually every example examples:legally exchange exchanged exchanges expected expensive expert explicitly exploring expressed external external/third extremely face factor facts failover field flows following form formal formal/intentional formalised formally frequency from fully general generally greater guiding guts hand harbor” hardware have health hence here hierarchy high hospitals however ideally identification identify identifying illustrative impacts implement implementation implemented implementing implications implicit imply importance important incidents includes including incorporated indeed individuals informal/unintended informally information inspection inspiration instance integrity intellectual intention intermediary involved involving iso/iec its jointly key keys language lawyer layers leads least legal legally lengths letter level levels liabilities licenses life likely links listed little logs low maintained maintaining managed management manager managers managing manner matters may mean meaning mechanisms media media/technologies medium meetings merely message messages method might minimized misleading misses mitigated mode modules monitored monitoring/alerting more multilateral must mutual mutually namely nature near necessary necessitating need needed network network/system next non not number numerous obligations off official offset one onward operate operated operating operation organisation organisations organizations other out over owners ownership packets particular particularly parties partners party passage passed passes perhaps permissible person personal picture piece place plus point points policies policy policy: possible possibly potential potentially pre preferably principles probably procedures proceed process professional prohibiting prohibition promptly proof properly property proprietary prote |
| Tags | General Information Guideline |
| Stories | APT 17 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.