Policies and Resources

Information Security Policy

Abstract

We developed and implemented an information security policy to impose a uniform set of rules for handling and protecting essential data. The policy applies to the entire IT structure and all operators in our interface. It determines who has access to various types of data, how identity is authenticated, and what methods are always applied to secure information. The policy also covers ethical and legal responsibilities of the Kayndrex Foundation and its personnel when it comes to safeguarding stakeholder data.

The security policy focuses on three key aspects of data and information held by the Foundation. Each objective addresses a novel aspect of providing protection for information.

Introduction

The Kayndrex Foundation has a major responsibility when it comes to protecting data and information. Whether it is internal proprietary information, or any type of data or information collected from stakeholders, we could face substantial consequences regarding cybersecurity. We have developed the right security managements whilst providing document security and always ensuring data availability.

Confidentiality

When we talk of the confidentiality of information, we mean protecting the information from being exposed to an unauthorised party in a cybersecurity incident. Preserving limits on access to data is important as it secures proprietary information and maintains privacy. We take major steps to implement document security, establish security monitoring for sensitive files, and establish clear information security policies regarding devices. Confidentiality covers a wide range of access monitoring and measures that protect our information from being misused through unauthorised access. We implement safeguards to keep our data confidential and to prevent an undesired cybersecurity incident.

Some information security basics to keep our data confidential are:

  1. Encryption.
  2. Password.
  3. Two-factor authentication.
  4. Biometric verification.

Integrity

In the world of information security, integrity refers to the accuracy and completeness of data. Security managements focused on integrity are designed to prevent data from being modified or misused by an unauthorised party. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. Data should remain unchanged in transit, and precautionary steps should be taken to ensure that data remains unaltered by unauthorised operators.

Some security managements designed to maintain the integrity of our information include:

  1. Encryption.
  2. Operator access managements.
  3. Version managements.
  4. Emergency and recovery procedures.
  5. Inaccuracy detection software.

Availability

Data availability implies that information is accessible to authorised operators. It provides an assurance that our system and data can be accessed by authenticated operators whenever they are needed. Like confidentiality and integrity, availability also holds great value.

Availability is typically associated with reliability and system uptime. We address availability concerns by putting various reserves and redundancies in place to ensure continuous uptime and business continuity. Information only has value if the right people can access it at the right time.

Information security measures for removing threats to data availability include:

  1. External facility reserves.
  2. Incident recovery.
  3. Redundancy.
  4. Switchover.
  5. Proper monitoring.
  6. Environmental regulations.
  7. Virtualisation.
  8. Server clustering.
  9. Continuity of operations planning.

Biometric Technology

Multifactor biometric authentication is one of the most effective forms of logical security available to the Kayndrex Foundation. By requiring operators to verify their identity with biometric credentials (such as fingerprint or face recognition scans), we ensure that the people accessing and handling data and documents are who they claim to be. Biometric technology is particularly effective when it comes to document security and e-signature verification.

Ethical Guidelines for Information Personnel

While performing their duties, our information personnel are guided by some moral codes of conduct which prompt them to take certain actions at a certain time. There are several ethical theories which have proved to be important for guiding information personnel, like other people, to make decisions and follow a certain course of action.

  • Consequence-based theory states that to do the right thing, we should perform actions that have good consequences.
  • The main proposition of the duty-based theory is that there are ethical duties that human beings should obey irrespective of the consequences, rather than the consequences being the guiding principles for making decisions.
  • The proponents of the rights-based theory suggest that the right thing to do is determined by the rights that human beings have.
  • The ethical theorists who support a virtue-based theory opine that the right thing to do is determined by the virtues that human beings ought to have. According to virtue-based theories, the right thing to do is what a virtuous person would do in the same circumstances.

Our information personnel are influenced by many factors when dealing with ethical dilemmas. In addition, religion, age, race, nationality, social and economic history, etc. play an instrumental role in shaping the ethical viewpoint of people.

However, the generally held view is that providing people with their desired information is the first and foremost duty of our information personnel if it supports the most fundamental ethical principles long held by human beings, such as honesty, mutual respect, social good and so on. Various legal aspects and existing rules and procedures are also taken into consideration. Our information personnel strike the balance between upholding intellectual property rights and ensuring access to information by the maximum number of operators. They need professional guidance, sharing of information and insights among themselves, and continuous soul-searching on the concerns of ethics and morality to promote and uphold information ethics in the evolving knowledge society.