9.3 Telecommuting

Description

In general, telecommuting comprises activities which are performed from a remote location for an employer or client with the help of communications links to that employer or client.

There are different types of telecommuting, such as working at satellite offices, neighbourhood offices, mobile telecommuting, and working at one's own residence. In the last case, a distinction is made between exclusive telecommuting and alternate telecommuting, i.e. working exclusively at home, or partly at home and partly at an institution.

This chapter deals with the types of telecommuting performed partly or exclusively at home. It is assumed that the home workstation and institution are linked by means of a telecommunications line allowing an exchange of data and, if required, access to data at the institution.

The measures recommended in this chapter fall under four different categories:

The safeguards recommended in this chapter concentrate on additional security requirements for IT systems used for telecommuting. In particular, security requirements are formulated for the technical components of telecommuting (remote computers, communications links and communications computers); these requirements must be met by appropriately configured IT systems. The related modules in Chapter 5 and the safeguards for the home working-place mentioned in Chapter 4.5 also need to be considered for the IT systems used.

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of telecommuting:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

A sufficiently reliable form of telecommuting is only achieved if IT security measures from several areas are allowed to overlap and complement each other. If any one of these areas is neglected, secure telecommuting can no longer be ensured. The individual areas and essential measures are:

The package of measures for the area of telecommuting is listed in the following:

Organisation:

Personnel:

Hardware/Software:

Communications:

Contingency Planning:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000