Scribd
Upload
51 views1 page

Assignment 1 SOLUTION PDF

The document discusses how a company can ensure privileged information is properly handled by employees. It recommends implementing proper access controls like classifying information and restricting access based on need-to-know principles. It also suggests monitoring the release of information and obtaining authorization before disclosure. Finally, it advises establishing clear policies on confidentiality, alerting staff to consequences of leaks, and requiring staff to sign non-disclosure agreements.

Uploaded by

Julian Chan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
51 views1 page

Assignment 1 SOLUTION PDF

The document discusses how a company can ensure privileged information is properly handled by employees. It recommends implementing proper access controls like classifying information and restricting access based on need-to-know principles. It also suggests monitoring the release of information and obtaining authorization before disclosure. Finally, it advises establishing clear policies on confidentiality, alerting staff to consequences of leaks, and requiring staff to sign non-disclosure agreements.

Uploaded by

Julian Chan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

ENG3004-Assignment 1

Q) Company’s most valuable assets is information. Employees are supposed to maintain the
confidentiality of information (whether or not it is considered proprietary) entrusted to them not
only by the Company, but also by suppliers, customers and others related to the business. If
disclosed, might be of use to competitors or harmful to the Company, or its customers or suppliers.
With reference to the above, recommend how the company can make certain that the privileged
information is handled properly by the employee?

Assignment 1-Solution

Note: There is no fixed answer. Students can address the assignment question by using the
following points.

Three ways are suggested:


Implement proper access control
1. Classify information into different security groups based on their risk exposure and degree of
sensitivity. Classification should be reviewed regularly.
2. Approve access rights on the basis of a practical application of the need-to-know, need-to-do,
need-to-use principles i.e. only those staff who have genuine need to use the information during
the course of duty can have access to classified information.
3. Restrict access to computer information by using passwords and the passwords should be
changed regularly.
4. Set up an audit trail system for computer systems for identifying persons who have gained
access to information in order to facilitate future investigations and access control monitoring.

Monitor release of information


1. Provide clear guidelines on how to safe keep and handle release of classified information and
on how to ensure computer security.
2. Monitor release of information according to the need-to-know, need-to-do and need-to-use
principles.
3. Obtain the employer’s and client’s authorization before disclosing confidential information to
them.

Ensure proper management controls


1. Clearly communicate company’s policy on preservation of confidentiality to all levels of staff.
Such policy should be reviewed regularly to assess its effectiveness in risk minimization.
2. Alert staff of the serious consequences of leaking/abusing proprietary information.
3. Require staff to sign agreements not to leak or misuse proprietary information during their
employment and for a specific period after they have left the company, if necessary.

This study source was downloaded by 100000830570627 from CourseHero.com on 05-11-2023 06:50:06 GMT -05:00

https://www.coursehero.com/file/133777165/Assignment-1-SOLUTIONpdf/
Powered by TCPDF (www.tcpdf.org)

You might also like