IT SECURITY
Security principles in the area of information technology at HOCHTIEF CZ are based on the following documents and legislation:
- Law on Personal Data Protection No. 101/2000 Coll., as amended
- ČSN ISO/IEC 17799 Information Technology – Code of practice for information security management
- ČSN ISO/IEC TR 13335 Information Technology – Guidelines for IT security management
- The HOCHTIEF standards for work in the field of information technology
The aim of the individual measures implemented within the security strategy of HOCHTIEF CZ is primarily:
- Ensuring of proper and safe operation of the system
- Minimizing the risk of system failure
- Ensuring integrity of the system and information
- Ensuring maximum system availability
- Preventing damage to the assets and disruption of the company´s activities
- Preventing loss, modification and misuse of information
- Protection of confidential and secret information
- Protection of the trade secret
The main safety principles used by HOCHTIEF CZ and used to achieve the above mentioned objectives are:
- Ensuring physical safety of the individual parts of the system
- Ensuring protection of the system against critical conditions
- Ensuring emergency measures including contractual security of correction of the critical elements of the system
- Backups and data archiving
- Clear identification of each user of the system by an account and password
- Internet access for WAN users only through one place protected by Firewall
- Use of regularly updated anti-virus software on all servers and computers
- Antivirus control of electronic mail
- Management of user access to data using access permissions
- Two-level security of critical data and electronic mail – encryption