For internal use rt #1: A pocket guide to information classification Aseries brought to you by Corporate Security https://inside nokiasiemensnetworks.com/infosecDisposal of classified information Take every precaution when disposing of secret information, and follow the NSN policy when disposing of information in the other classes. You classify the information that you create. Handle information as “For internal use’, if it has no classification. The rules also apply to externals and business partners working within NSN. Think ahead. Secure in advance. Copvriaht © 2009 Nokia Siemens Networks. All rights reserved.Always clearly mark who can read your documents: Public. Can be shared with anyone. Can be published on the internet. For internal use. Shared on a good-to-know basis; requires a non-disclosure agreement. Can be published on the intranet. Confidential. Shared on a need-to-know basis; requires a non-disclosure agreement. The owner's permission not required. Shall not be published either on the Internet or Intranet without user authentication. Secret. Shared by the information owner only.Ensure easy flow of information Every time the classification is missing, people waste time trying to find out if they are allowed to use or share the information. Or worse — they might leak business critical information. Use the right classification to help your colleagues in their work. Encrypt secret information Always encrypt secret information if you must send it. Consider encrypting confidential information. Read more about the topic on the Corporate Security Intranet.For internal use Nokia Siemens ( #2: A pocket guide to personal data protection Aseries brought to you by Corporate Security Bs https://inside.nokiasiemensnetworks.com/infosec ByeWhat is personal data? Samples are: private or customer's telephone number, residential address, e-mail address, credit card information, and any behaviour-related information, e.g. telecommunica- tion traffic data. Enable the business ... with privacy in mind. Copyright © 2009 Nokia Siemens Networks. All rights reserved.How to handle personal data? For legal and ethical reasons, all of us must ensure the privacy of personal data at any moment. Handle it as confidential during its whole life-cycle. How to... collect: Only with explicit consent of affected employee or customer, or if permitted by law for specific business purposes. store: Secure storage by encryption and access protection, @.g. password. Use locked cabinets. Consider compliance requirements for document retention.How to... transfer: Follow the “Need to Know” principle. Encrypt electronic transfer. Consider local restrictions for transfers outside legal entities and for cross-border transfers. dispose: Shred or use locked containers. When stored in personal computers erase data with special software for secure data wiping. Destroy media if not erasable. When working with business partners, make sure to have a Non Disclosure Agreement or a data protection agreement in place.i ‘Nokia Siemens: For internal use é #3: A pocket guide to a clear desk A series brought to you by € na emensnetwo A anMeeting rooms Book only guest meeting rooms at “My rooms‘ for external visitors. Avoid screen visibility via windows. After the meeting clear the room of any classified material. What is yours, stays yours! Copyright © 2009 Nokia Siemens Networks. All rights reserved.Mobile data storage devices, memory sticks and CDs Lock all mobile data storage devices in a cabinet or a drawer before leaving the office. Keep an eye on your mobile phone and use the security features in it, e.g. password protection. PC, laptop computer Lock your PC with Ctrl+Alt+Del whenever you are not at your PC. Use notebook privacy filter and make sure that nobody can read your screen over your shoulder. Work environment Remove all important material like papers, flipcharts and CDs from your table and lock all cabinets and drawers. before leaving the office.Why a clear desk? Aclear desk is a simple way to avoid damage to our company’s intellectual property and reputation. In addition, we ensure compliance with legal and Health & Safety requirements. How? The basic rules of information security are: ... keep all important information in your possession or under lock and key ...treat sensitive information according to its classification ...make sure sensitive information is not shared with outsiders ..Keep your work environment clear from any “take away“ information.For intemal use Nokia Siemens Networks, ( #4: Apocketguideto secure Internet usageUse the Internet ..in a legal manner Don't use pirated software, and don't download or install freeware from unknown sources ..in a responsible manner Don't use your computer or your NSN identity for ethically questionable or illegal activities. Follow NSN Netiquette (Acceptable Internet Use) and Code of Conduct. ..in a secure manner Follow NSN Information Security Policy and rules for handling classified information. Surf safe! Copyright © 2009 Nokia Siemens Networks. All rights reserved.Security Make sure not to take any unnecessary risks by disabling security installations (e.g. virus protection, personal firewall), or by altering security settings (e.g. specific browser settings). NSN mail address is not meant for private communication. Prefer trusted websites Observe the icon for “lock” indicating a trustworthy web site owner Serurit |B @ IntemetChat, Newsgroups, Discussion Groups, Forums, Wikis and Blogs Never discuss or disclose proprietary or confidential information regarding e.g. customers, sales figures, shipping data, products etc. Traffic and volume overload Avoid downloading and storing large files — especially music and videos that have no relevance to work. Limit large email attachments, rather send a link to a file on the intranet or use an appropriate file share.For intemal use Nokia Siemens - Networks: a #05: A pocket guide to portable media Aseries brought to you by Corporate Security https://inside.nokiasiemensnetworks.com/infosecProtect portable media Portable media is by nature more prone to risk than information stored in a secure environment. Make sure you carry them safe. Be aware - lost Portable Media never gets returned Copyright © 2009 Nokia Siemens Networks. All rights reserved.Secure transport of portable media Minimize the risk of loss. Carry portable media with you only if necessary. Store it under lock and key, never leave it unsupervised. Deleting and disposal Delete any information on portable media if not longer needed. For confidential or secret information use special software for secure data wiping. Destroy media if not erasable.What is portable media? Portable media are devices used to store information outside of your workstation - e.g. USB sticks, CDs/DVDs, external hard drives, mobile phones, PDAs and other mobile devices. Protect information Always encrypt confidential and secret information. Prefer portable media with a build-in encryption feature, and use NSN recommended software products. + We recommend TRUECRYPTNokia Siemens For internal use ( #06: A pocket guide to Web 2.0 based services A:series brought to you by Corporate Security https:/inside.nokiasiemensnetworks.convinfosec Za PAPrefer established Web 2.0 services... We recommend these Top 5 web 2.0 enabled sites: friendster. ahaa hid Ad ~ : sealers) SN Protect yourself as well as your virtual life in Web 2.0 Copyright @ 2009 Nokia Siemens Networks. All rights reserved.Respect others Respect your audience. Do not use ethnic slurs, personal insults, obscenity, or engage in any conduct that would not be acceptable in the workplace. ...manage your appearance frequently Do not share confidential information You must not share confidential or proprietary information Telated to NSN or any other party. Speak the truth : : Add value, don’t spread rumors or gossip. The Nokia Siemens Networks brand is best represented by its people and what you publish reflects on our brand.