Page 79 - Phil Reddin Financial Services Ltd DRAFT V1

               To ensure that the EBS staff member issued with a laptop assumes an appropriate level of
               responsibility for EBS property. Remote access enabled users must also ensure that their home laptops,
               desktop PCs etc. are appropriately secured.

               To ensure laptop computers are maintained in a secure environment to minimise the threat level of
               loss or theft of the device itself and any sensitive information.

               To ensure compliance with legal obligations, with the Data Protection Act, copyright, etc.

               7.13.3 Remote Access Security Risks
               There are a number of security risks associated with remote access. These include:

               Confidentiality — This is concerned with the prevention of unauthorised access.

               Integrity — Deals with the accuracy of data and prevents illicit modification.

               Availability — Ensures that data is backed up and available on demand.

               There also exists the prevalent risk of theft of the portable device itself. For this reason remote access
               tokens must be stored separately from the portable devices.

               7.13.4 Remote Access Compliance
               It is the responsibility of each remote access device user to adhere to this policy and to inform
               management of known breaches of the policy. Failure to do so will be deemed misconduct and could
               result in disciplinary action up to and including dismissal for cases of gross misconduct.
               Where laptop / desktop PCs are provided with remote / Citrix access to EBS systems it is the user's
               responsibility to ensure that no data is copied between the Citrix shared drive and the local hard disk
               of the remote device. End users must operate from the network share drive only.

               7.13.5 Stakeholders Responsibilities
               The following are the key stakeholder responsibilities:

              Senior Management

               Senior line management must authorise the issue of all EBS laptops. The purchase and issue of such
               laptop computers will only occur where a strong business case is made and approved for each
               individual case.

               A log of all laptops and remote access devices must be maintained and monitored by IT. A review of
               these remote access devices is required at least annually.

              Employee Responsibilities

               EBS laptop usage is restricted to business purposes only. The information stored on the remote access
               device must be suitably protected at all times.

               Where remote access devices are used to store or process sensitive information they must be
               equipped with appropriate safeguards to maintain adequate security. These measures must include
               backup procedures and appropriate encryption/password protection.
               EBS laptops and remote access devices must not be used to access the Internet except when authorised
               and through the EBS firewall.


              Health and Safety
