Content library
Julkri: TL IV-I
TEK-18.1: Etäkäyttö - tietojen ja tietoliikenteen salaaminen

How to fill the requirement

Julkri: TL IV-I

TEK-18.1: Etäkäyttö - tietojen ja tietoliikenteen salaaminen

Task name
Priority
Status
Theme
Policy
Other requirements
Personnel guidelines for safe usage of mobile devices
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Remote work and mobile devices
Mobile device management
requirements

Task is fulfilling also these other security requirements

11.2.6: Security of equipment and assets off-premises
ISO27 Full
6.2.1: Mobile device policy
ISO27 Full
10.1.1: Policy on the use of cryptographic controls
ISO27 Full
11.2.8: Unattended user equipment
ISO27 Full
12.6.2: Restrictions on software installation
ISO27 Full
1. Task description

There are separate instructions for staff to use mobile devices. The instructions cover:

  • restrictions on installing software and using various services on your organization's devices
  • procedures for the registration of new devices
  • requirements for physical protection of equipment and installation of updates
  • access control requirements
  • protecting your organization’s data with encryption, malware protection, and backup
  • the ability of the organization to remotely control the device
Acquisition and instructions for a VPN-service
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Remote work and mobile devices
Remote work
requirements

Task is fulfilling also these other security requirements

9.1.2: Access to networks and network services
ISO27 Full
6.2.2: Teleworking
ISO27 Full
14.1.2: Securing application services on public networks
ISO27 Full
TEK-18.1: Etäkäyttö - tietojen ja tietoliikenteen salaaminen
Julkri
6.7: Remote working
ISO27k1 Full
1. Task description

Organisation's data can only be processed on a predefined, trusted network, or by using a VPN service defined by the organisation.

For example, a coffee shop's Wi-Fi network is often either completely unencrypted or the password is easily accessible to everyone. In this case, the information sent online is vulnerable to spyware. A VPN connection encrypts information regardless of network settings.

Encryption of laptops
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Encryption
requirements

Task is fulfilling also these other security requirements

10.1.1: Policy on the use of cryptographic controls
ISO27 Full
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuus
Self-monitoring
TEK-18.1: Etäkäyttö - tietojen ja tietoliikenteen salaaminen
Julkri
8.24: Use of cryptography
ISO27k1 Full
CC6.7: Restriction and protection of information in transmission, movement or removal
SOC 2
1. Task description

Laptops are protected by full-disk encryption.

Defining the types of removable media used
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Management of data sets
Removable media
requirements

Task is fulfilling also these other security requirements

8.3.1: Management of removable media
ISO27 Full
8.3.3: Physical media transfer
ISO27 Full
A.11.4: Protecting data on storage media leaving the premises
ISO 27018
13.2.1: Information transfer policies and procedures
ISO27 Full
13: Communications security
ISO 27018
1. Task description

Removable media includes e.g. flash memories, SD memories, removable storage drives, USB sticks and DVDs.

The organization has defined which removable media is allowed to be used.

Encryption of portable media
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Encryption
requirements

Task is fulfilling also these other security requirements

8.3.1: Management of removable media
ISO27 Full
10.1.1: Policy on the use of cryptographic controls
ISO27 Full
8.3.3: Physical media transfer
ISO27 Full
A.11.4: Protecting data on storage media leaving the premises
ISO 27018
PR.PT-2: Removable media
NIST
1. Task description

Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).

No items found.