Table of Contents
- Getting Started | Overview | Resources | Standards
- Network Security Management (ISO 13.1)
- Information Transfer (ISO 13.2)
In order to secure the information that flows across internal networks and to/from the Internet, colleges and universities need to effectively manage their physical and logical network infrastructure. The protection of networked information assets requires policies, standards, and a sound network control strategy. If you are just getting started in this area of your security program, then the following steps can be very helpful to get underway:
Overview
Communications encompasses the breadth of digital data flows both within an organization and between external entities across network infrastructures. These flows now include data, voice, video, and all of their associated signaling protocols. Securing these information flows as they traverse intranets, extranets, and the Internet requires effective network infrastructure management as well as controls, policies, and procedures. This chapter provides guidance in planning, developing, and implementing the most essential elements of a Communications Security strategy.
Network Security Management (ISO 13.1)
Objective: To ensure the protection of information in networks and its supporting information processing facilities.
...
Information Transfer (ISO 13.2)
Objective: To maintain the security of information transferred within an organization and with any external entity.
Information transfer policies and procedures
Clear policies and procedures that govern the transfer of information between individuals both within and outside your organization should be established. Be sure to consider all possible methods of communication, including face-to-face, e-mail, voice, fax, and video, when drafting your policies.
...
- University of Missouri: Systems Electronic Records Administration
- University of Miami School of Medicine: Privacy/Data Protection Project
Agreements on information transfer
If your organization has a business need to transfer information to a third party, then you should (and, in some cases, are legally required to) enter into an official agreement with them in order to preserve the security of that information. These agreements generally set minimum standards for protecting your data, and may also establish the limits of liability for both parties in the event of a breach or other unauthorized disclosure of data.
...
Electronic messaging
Electronic messaging includes e-mail, peer-to-peer file transfer, social network-based communications (e.g., Google Hangouts, Facebook chats, LinkedIn InMail) and more. Your organization should consider introducing a policy that governs the authorized use of these mediums; at a minimum, such a policy should establish the authority to represent your organization in an official capacity on the Internet. Also, because your organization is unable to apply technical controls to third-party electronic messaging mediums (Google Hangouts, Facebook, et al.), there is no way for you to quantify or improve their level of security in order to effectively secure a confidential message traveling across one of these mediums. The solution to this problem is to clearly state in your policy that organization-related business is only to be communicated and/or conducted using approved, secured methods (e.g., e-mail).
- Tennessee Board of Regents: Use of Electronic Signatures & Records
- Drexel University: Social Media Policy
Confidentiality or non-disclosure agreements
Confidentiality or non-disclosure agreements are legally enforceable documents designed to protect your organization's confidential information and intellectual property. These agreements, signed by the organization and its employees and/or third parties, establish the responsibilities of all parties to ensure that no one discloses sensitive data in an unauthorized manner.
- UM Research and Sponsored Projects: Disclosure and Confidentiality Agreements
- KU: Confidentiality Agreement Requests
Resources
Standards
27002:2013 Information Security Management | 800-100: Information Security Handbook: A Guide for Managers | APO01.06 | Req 6 | ID.AM-3 | 45 CFR 164.314(a)(1) |