By Sami Zaptia.
London, 10 August 2019:
Libya’s data protection agency, the National Authority for Information Security and Safety has launched a data protection manual for both the private and public sector.
NIISA reported on Thursday that it strives to raise the level of public awareness of the need to establish the concepts, principles and practices of information security for both private and public employers. It sees this as part of the continuous development of Libya’s IT sector.
It says that it has focused on developing a general framework and guideline for policies, procedures and standards that contribute to supporting the safe use of technology.
It advises all sectors that written practical and technical rules should be established to protect an organization from accidents affecting its business and technical infrastructure, and written documents to provide a general description of the controls required to manage information security risks.
Such a document would also represent an official declaration of the organization’s intention to protect its data and information. An information security policy is a live document that should be constantly updated to adapt to business development and IT requirements.
The 128-page document in Arabic and English contains the following 8 headings/chapter:
1-Data Protection Policy
2-Acceptable Use Policy
3-User Policies
4-Anti-Virus Policy
5-Network Security Policies
6-Third Party Policies
7-Data Backup Policy
8-Physical Security Policy
