Security Policy

Introduction

Version 1.0 - 13.12.2015
Document Maintainer - Howard Fuhs
Maintaining Department - xyz

Losses in their millions occur in German companies through loss of data and theft of information, whereby the number of unrecorded cases are many times higher than those recorded. Data security for companies is therefore nowadays not an optional luxury, but a necessity to protect the position of the company in the market.

Companies compete with each other and any information to the outside can bring competitive disadvantages. In this way data security is linked to the social imperative of securing guaranteed employment which is in the interest of any employee.
The best method of protection is the definition of security regulations in order to minimise the remaining risks. Security regulations, however, can only function if they are introduced in their entirety throughout the company, understood by the employee and practised by him/her.

The thoughts and activities of persons using the computer have today decisive influence on the correctness and confidentiality of the data and information used by them. In the context of data security the following characteristics must be protected:

Non-damage

Data can only be changed within specifically defined business processes. These changes must be authorised and comprehensible (reconstructable). Any other form of change must be prevented.

Confidentiality

Availability of data must be restricted to a certain group of people previously defined.

Availability

Data that can be obtained without authorisation is without value to the organisation.

Authenticity

It must be ensured that at any time one can reconstruct who has changed or sent information.

Obligation

With the use of digital signatures and secure information channels, it must be ensured that no communication partner can challenge that a flow of information has followed.

This user guideline represents a small textbook to make aware the use of certain safety relevant problems which can occur in company practice. Beyond that, it is intended to give short behavioural rules which enable the user to react appropriately to certain situations and changes.


With questions please contact:

Mr/Mrs
Department
Tel.
E-mail

With additional or improvement suggestions please contact:

Mr/Mrs
Department
Tel.
E-mail