History
- Priority
- should
- Nov 2018
- Removed
- Removed due to a merge of relevant content into security control 0252.
- 2017
- Agencies should ensure that information security awareness and training includes advice topersonnel not to attempt to:• physically damage systems• bypass, strain or test security measures• introduce or use unauthorised ICT equipment or software on a system• assume the roles and privileges of others• attempt to gain access to information for which they have no authorisation• relocate ICT equipment without proper authorisation.
- 2015
- Agencies should ensure that information security awareness and training includes advice topersonnel not to attempt to:• physically damage systems• bypass, strain or test security measures• introduce or use unauthorised ICT equipment or software on a system• assume the roles and privileges of others• attempt to gain access to information for which they have no authorisation• relocate ICT equipment without proper authorisation.
- 2010
- Agencies should ensure information security awareness and training includes advice to system users notto attempt to:••••••physically damage the systembypass, strain or test security measuresintroduce or use unauthorised ICT equipment or software on a systemassume the roles and privileges of othersattempt to gain access to information for which they have no authorisationrelocate ICT equipment without proper authorisation.
- 2008
- Agencies should ensure that ICT security training and awareness includes advice to system users not to attempt to: a. introduce code into any system b. physically damage the system c. bypass, strain or test ICT security mechanisms d. introduce or use unauthorised software, firmware or hardware on a system e. assume the roles and privileges of others f. attempt to gain access to information for which they have no authorisation or g. relocate agency ICT equipment without proper authorisation.