Re: Tele-Commuting Risks

["J. Oquendo" <sil () infiltrated net>]

On Fri, 02 Jan 2009, John wrote:

> Hi All,
>
>  
>
> Our company is planning to introduce Tele Commuting facilities for all the
> employees. Some of the employees work on sensitive information like SSN,
> Credit Cards etc. 
>
> Our company also regularly undergoes ISO 27001 and SAS 70 audits.
>
>  
>
> I have the following questions:
>
>  
>
> Risks Involved in Tele Commuting? 
>  
>
> How to prevent information leakage while telecommuting especially when it
> comes to PII? 
>  
>
> Audit and Compliance issues related to Tele Commuting? 
>  

Linked are some starting points for you. No one is going to be able
to give you a definitive answer on ANY compliance issues as they are
broad and change for different industries. So you will need to work
on how it applies to you specifically else you will be in for a heap
of links on all sorts of potentially irrelevant information. For
example, if I sent you an encyclopedia worth of material on HIPAA
and it doesn't apply to you, 1) I wasted my time 2) I wasted your
time.

These two should give you the framework, the rest is really up
to you, your organization, your policies, your controls.

Security for Telecommuting and Broadband Communications
http://csrc.nist.gov/publications/nistpubs/800-46/sp800-46.pdf


Security for Telecommuting and Broadband Communications
http://www.cdt.org/privacy/20080729_riskathome.pdf



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E