An Introduction To
Objective: To maintain the security of information and software exchanged within an organisation and with any external entity.
Exchanges of information and software between organisations should be controlled and comply with any relevant legislation.
Information exchange policies and agreements
Formal agreements for the exchange of information and software should specify security controls.
Agreements should be put in place for exchange of information between the organisation and any external parties
Physical media in transit
Media containing organisational information in transit outside the organisational boundaries should be protected from loss, disclosure or misuse.
Controls should be applied where necessary, to reduce the business and security risks associated with electronic messaging
Business information systems
Clear policies and guidelines should be developed and implemented to control the business and security risks associated with the exchange of business information and interconnection of business systems.
The Security Practitioner
An Introduction to Information Security