Page 37 - CyberSecurityEssentialsEnglish
P. 37

approach when figuring out the best course of  action. Always consult your manager or the information
       security officer if you are unsure how to share information securely.

       When transferring personal information, make sure the recipient is aware of the following:

           ✓  The reason behind sharing information.
           ✓  Any restrictions on permission use, such as what the recipient may share and the conditions under
               which it may be shared with other organizations.
           ✓  The commitment to ensure that all future information handling is ethical and secure.
           ✓  The requirement to keep a record of the date, time, purpose, type of information provided, and, if
               necessary, the person who authorized the transfer. You should also include the recipient's name, job
               title, organization, and phone number.

       Sharing personal information securely - Telephone

           ✓  Confirm the requester's name, job title, department, and organization and the request's motivation.
           ✓  Write down the phone number you can use to reach the caller.
           ✓  Take into account whether it is possible to request and receive the requested information over the
               phone.
           ✓  Be cautious because anyone who shouldn't hear it can overhear your talk.

       Sharing personal information securely - In-person

           ✓  Hand-taking of personal data off-site should only be done in extreme cases and with great caution.
           ✓  Keep a record of any personal information you take off the site and the reason(s) for this.
           ✓  Conveying paper-based information in an envelope or sealed file is recommended.
           ✓  When conveying information by car, ensure it is perfectly and securely locked in the boot.
           ✓  As soon as possible, send the data back to your site, where it should be safely stored or disposed of.
       Sharing personal information securely - Email

           ✓  Avoid sending personal information over unencrypted email since it is not safe.
           ✓  Verify the recipient's name, position, and email address.
           ✓  Whenever possible, use a secure email connection.
           ✓  Request reception confirmation from the rec, e.g., by using delivery and read request settings.
           ✓  Make sure to put "Private and Confidential" in the subject line.
           ✓  Keep a record of all of your email correspondence.

       Sharing personal information securely - Removable Electronic Devices

           ✓  The data must be transferred securely by using the mobile electronics that your  organization has
               authorized.
           ✓  You should use portable electronic gadgets cautiously as they might not offer enough security.
           ✓  Personal  information  must  be  appropriately  encrypted  or  password  secured  following  your
               organization’s policy if it is required to use a portable electronic device.
           ✓  Be sure to report any loss—actual or suspected—immediately.
           ✓  You must safely erase personal data from the device after use.
           ✓  It is undesirable to keep private data on a portable electronic device longer than is necessary or
               appropriate. Keep a record of all of your email correspondence.



          35
   32   33   34   35   36   37   38   39   40   41   42