Dublin Institute of Technology IT Security Policy


Dublin Institute of Technology IT Security Policy
BS7799/ISO27002 standard framework
David Scott
September 2007

Version   Date     Prepared By
          /10/06   David Scott
          /09/07   David Scott
          /09/07   David Scott*

* Following Directorate, ISSC, Final PWC review & minor errata correction.

Page 1 of 16 9/30/2009

Contents

1.1 OBJECTIVES
OUR POLICY
INTRODUCTION
STATEMENT OF AUTHORITY
THE INFORMATION ENVIRONMENT
INFORMATION SECURITY INCIDENT MANAGEMENT
PHYSICAL SECURITY
SECURING OFFICES, ROOMS AND FACILITIES
SECURE AREAS ACCESS
CABLING SECURITY
EQUIPMENT MAINTENANCE
SECURE DISPOSAL OR REUSE OF EQUIPMENT
REMOVAL OF PROPERTY
SECURITY OF EQUIPMENT OFF-PREMISE
PHYSICAL SECURITY INCIDENTS
ACCESS CONTROL
USER ACCESS SETUP AND REVIEW OF USER ACCOUNTS
PRIVILEGE MANAGEMENT
GENERIC USER ACCOUNTS
FILE STORAGE
THE WEB
INTERNET ACCESS
CAMPUS NETWORK
FIREWALL SECURITY POLICY
INFORMATION SYSTEMS MAINTENANCE & TECHNICAL VULNERABILITY MANAGEMENT
Patch Management
Remote Access to Systems
Anti-Virus Security

Statement

1.1 Objectives

To provide a strategic focus and direction for Information Security Management, to define the Dublin Institute of Technology's Policy for Information Security and to state our commitment to the security of Institute Information assets.

1.2 Policy

We are committed to protecting the confidentiality of all our information and ensuring that information is accurate, complete, and available in a timely and efficient manner to those who are authorised to use it.

Our key Information Security objectives are:

- To support our academic and administrative processes and help our teams to achieve their goals
- To help protect against risks inherent in the use of information systems
- To comply with all relevant laws & regulations.

In order to achieve our security objectives, we will operate and maintain an Information Security Governance environment for the secure and efficient processing of information in accordance with recognised best practices.

The Chief Information Systems Officer will ensure adherence to these best practices by creating and maintaining an Information Security Management System (ISMS) appropriate to the Institute. This includes:

- Implementing an Information Security Forum to take ownership and provide leadership; membership of this forum will include representatives from all business areas
- Creating an Information Security/Compliance Office to ensure effective security and efficient communications
- Providing a structured set of Policies and Procedures to support the Information Security Organisation
- Conducting risk assessments to identify key areas of risk and the controls required to mitigate these risks to acceptable levels.
- Enforcement of all policies across all areas of the Institution.
- Ensuring the Institute's compliance with the relevant legislation

Information Security is the responsibility of all the Institute's staff, students, contractors and third parties with access to Institute information.

We are obliged to take breaches of policy seriously and it is incumbent upon all of us to read and understand the security policies that apply to us in performing our duties.

Signed on behalf of the Institute:

2 Introduction

The purpose of this policy is to define a framework on how to protect the Dublin Institute of Technology's computer systems, network and all information contained within, or accessible on or via these computer systems from all threats whether internal, external, deliberate or accidental.

It is the policy of the Institution to ensure that:

- All central computer systems and information contained within them will be protected against unauthorised access.
- All members of the Institute are aware that it is their responsibility to adhere to this policy.
- All parties accept total responsibility for maintaining, adhering to and implementing this policy within their areas.
- The integrity of all central computer systems, the confidentiality of any information contained within or accessible on or via these systems is the responsibility of Information Services.
- All regulatory and legislative requirements regarding computer security and information confidentiality and integrity will be met by Information Services and the Institute.
- All breaches of security will be reported to and investigated by a nominated security officer usually within Information Services.
- The primary role of the Institute's function regarding education and research is not hindered.
- All Policies must comply with BS 7799/ISO27002 standards.

2.1 Statement of Authority

The CISO will have authority to develop, implement and enforce IT security policy. In addition all users have a responsibility to report promptly (to Information Services) any incidents which may have security significance to the Institute.

3 The Information Environment

Information Services plan, implement, maintain and operate a range of central Information servers, core network switches, edge network switches, backup systems, and the overall network infrastructure interconnecting these systems.

The Information environment is defined as all central Information resources and network infrastructure including those managed and overseen by Information Services and other DIT IT support units and all information devices that can physically connect, and have been authorised to connect, to this environment. All are covered by this policy, including Information hardware and software, any Institute related data residing on these machines or accessible from these machines within the campus network environment and any media such as CD-ROMs, DVD-ROMs and backup tapes that may at times be accessible.

Information Services also considers all temporary and permanent connections via the Institute network, casual laptop docking points, the Wireless network, and the Virtual Private Network to be subject to the provisions of this policy.

Information resources not owned by the Institute may be connected to the Institute's network. However, all such resources must function in accordance with Institute regulations governing the use of ICT resources.

Information Services reserves the right to remove any technical resources or devices which do not comply with Institute IT Security policy.

Information Services reserves the right to monitor, log, collect and analyse the content of all transmissions on networks maintained by both Information Services and individual Faculties, Schools, Departments and other organisations at any time deemed necessary for performance and fault diagnostic purposes. Any network monitoring will be performed in accordance with this Policy.

3.1 Information Security Incident Management

All Incidents, including Information Security Instances, should be reported to the Support Desk immediately.

All Incidents will then be logged by the Support Desk and will be passed for resolution, where necessary, to the Incident CoOrdinator. The Incident CoOrdinator will monitor and manage the Incident and will communicate with all relevant parties and stakeholders until the Incident is resolved.

Please refer to the DIT Incident and Problem Management process in the more detailed DIT IS Organisational Security Policies for a comprehensive description of the process to be followed.

4 Physical Security

Information Services provides a secure data centre/s with protected power arrangements and climate controlled environment. Primarily for the provision of central information and network facilities, individual departments and, if appropriate, individuals, are encouraged to make use of the facility for applicable teaching or research projects.

Any computer equipment in general office environments should be within physically secure rooms outside of general office hours. Personal computing devices in public areas should contain a device or mechanism for securing and protecting the main components and contents of the computer from theft.

4.1 Securing offices, rooms and facilities

Computer rooms, data centres, offices and other locations either housing critical information processing facilities or from where such facilities might be accessed must have good physical security.

Equipment that supports critical business activities must be physically protected from security threats and environmental hazards and must be sited, or protected, to reduce the risks of damage, interference and unauthorised access. Consideration should also be given to any security threats posed by neighbouring accommodation.

Whether offices or computer rooms, physical security protection should be based on defined perimeters with security enforced at an appropriate level for each one. Only authorised persons should be admitted to such areas and appropriate entry controls should be implemented to achieve this. Everyone should be required to wear visible identification and encouraged to challenge strangers.

Visitors to secure areas should only be granted access for specific, authorised purposes and should be supervised. As security could be compromised by allowing members of the public temporary access for enquiry or delivery purposes, separate enquiry, delivery or loading areas should be provided outside secure areas.

4.2 Secure Areas Access

Details of locations are to be recorded and checks to be performed to restrict access to secured areas are to be implemented as per this policy.

4.3 Cabling Security

Cables carrying data or supporting Information Services also require protection from interception or damage. Cabling within buildings should be protected, by using conduit or by avoiding routes through public areas, and cables between buildings should be underground where possible (or subject to adequate alternative protection). Where cables form part of a loop, consideration should be given to using separate routes in order to reduce loss in the event of damage.

4.4 Equipment Maintenance

Equipment should be correctly maintained to ensure its continued availability and integrity, a record of all faults or suspected faults should be kept, and servicing should only be performed by authorised personnel.

Equipment supporting critical business operations should be protected by an uninterruptible power supply (UPS) and UPS equipment should be regularly tested in accordance with manufacturer's recommendations.

4.5 Secure Disposal or reuse of Equipment

All data will need to be completely erased from equipment prior to disposal and all items of equipment containing storage media must be checked to ensure that sensitive data is removed or overwritten prior to disposal. All erased data must be rendered irretrievable (use of standard deletion software may be insufficient as it could be possible to use undelete software to restore the data).

If a system, or its permanent storage, is required to be repaired by a third party then the significance of any data held must be considered. Damaged storage devices containing sensitive data may require a risk assessment, to determine if the device should be destroyed, repaired or discarded. Damaged storage devices should remain the property of DIT and should only be removed from site with the permission of the IS Support Manager.

4.6 Removal of Property

Equipment containing stored data or software must not be taken off site by employees, unless formal authorisation has been obtained from management, the asset's owner, and the appropriate Information Services Support Manager. Prior to authorisation, consideration should be given to the risks associated with the removal of any of the organisation's information, and the impact these risks might have on business operations.
4.7 Security of Equipment off-premise

If equipment is to be used outside DIT's premises, remote users need to abide by the following guidelines:

- Personal computers should not be used at home for business activities if virus controls are not in place.
- When traveling, equipment (and media) should not be left unattended in public places. Portable computers should be carried as hand luggage when traveling.
- Time-out protection should be applied.
- Portable computers are vulnerable to theft, loss or unauthorised access when traveling. All mobile devices should have an appropriate form of access protection (e.g. passwords or encryption) applied to prevent unauthorised access to their contents.
- Passwords or other access tokens for access to the organisation's systems should never be stored on mobile devices where they may be stolen and give the thief unauthorised access to information assets.
- Manufacturer's instructions regarding the protection of equipment should be observed at all times, e.g. to protect against exposure to strong electromagnetic fields.
- Security risks (e.g. of damage, theft) may vary considerably between locations and this should be taken into account when determining the most appropriate security measures.

4.8 Physical Security Incidents

A Physical Security Incident can be described as an issue that affects the physical barriers and control procedures that are implemented to act as preventive measures and countermeasures against threats to resources and sensitive information.

If a suspected physical security incident is identified the following actions should be taken:

1. DON'T panic - overreaction may cause more damage
2. DO report your concerns to the Support Desk (x3123) - all reported Incidents will be treated as highly confidential
3. DO provide as much detail as possible when reporting the Incident
4. If the Incident is clearly a significant breach of security, contact the CISO immediately.

All such Incidents will then be recorded by the Support Desk and will be assigned to the Incident CoOrdinator if appropriate. For further details on the process of Incident Management, please refer to the DIT Incident and Problem Management process in the detailed DIT IS Organisational Security Policies.

5 Access Control

The organisation's systems shall be managed by suitably trained and qualified staff to oversee their day to day running and to preserve security and integrity in collaboration with individual system owners. All systems management staff shall be given relevant training in information security issues.

Access controls shall be maintained at appropriate levels for all systems by ongoing proactive management and any changes of access permissions must be authorised by the manager of the system or application. A record of access permissions granted must be maintained.

Access to all information services shall use a secure log on process and access to the organisation's business systems shall also be limited by time of day or by the location of the initiating terminal or both.

Where systems store data classified as Confidential or Strictly Confidential, additional steps must be taken to prevent unauthorised access. These may include encrypting the data, ensuring appropriate separation of duties, logging all attempts to read or access sensitive data, and reviewing log reports to monitor access to this data.

Please refer to the acceptable usage policy for staff and students for further details and account eligibility.

All access to information services is to be logged and monitored to identify potential misuse of systems or information.

Inactive connections to the organisation's business systems shall shut down after a defined period of inactivity to prevent access by unauthorised persons.

Password management procedures shall be put into place to ensure the implementation of the requirement of the information security policies and to assist users in complying with best practice guidelines. Please refer to the DIT Password Policy in the more detailed DIT IS Organisational Security Policies for further information on the password policy in operation in DIT.

Access to operating system commands is to be restricted to those persons who are authorised to perform systems administration or management functions. Use of such commands should be logged and monitored.

The implementation of new or upgraded software must be carefully planned and managed. Formal change control procedures, with audit trails, shall be used for all changes to systems. All changes must be properly tested and authorised before moving to the live environment.

Capacity demands of systems supporting business processes shall be monitored and projections of future capacity requirements made to enable adequate processing power, storage and network capacity to be made available.

Security event logs, operational audit logs and error logs must be properly reviewed and managed by qualified staff.

System clocks must be regularly synchronised using the DIT Time Service.

Systems and data must only be accessible via a login account assigned to a specific user, using a secure password. Access to resources must be granted on a need-to-know basis, with user profiles matched to the user's role in the company.

5.1 User access setup and review of user accounts

Where new staff or external third parties need access to DIT computing resources, the formal access application channels need to be followed. For further details on obtaining access to DIT resources please refer to: - Staff phone application/amendment form DIT Business Applications Banner - Other software - Active Directory Domain Administrator please refer to the Domain Administrator Application Form in the more detailed DIT IS Organisational Security Policies. ICT Domain User a/c please refer to the Application for Active Directory (ICT Domain) User Account in the more detailed DIT IS Organisational Security Policies.

Procedures shall be established for all information systems to ensure that users' access rights are adjusted appropriately, and in a timely manner, whenever there is a change in business need, a user changes their role, or a user leaves the organisation. Users' access rights will be reviewed at regular intervals.

This will ensure that DIT implement robust security controls and identify breaches of access control standards. It is also essential to ensure that the changing role of individuals within the organisation receives commensurate and prompt changes to their access rights.

When access levels are to be modified, requested amended requirements should be sent to Information Services. The amended access levels need to be approved by local management before they are amended.

When access levels are no longer required, formal notification should be sent from Human Resources to Information Services. Upon receipt of such notification, access levels should be revoked from the user.

5.2 Privilege Management

Access to all systems must be authorised by the owner of the system and a record must be maintained of such authorizations. This will also include the appropriate access rights or privileges that the user requires.

5.3 Generic User Accounts

It is the policy of DIT not to issue generic user accounts. Existing generic user accounts are to be reviewed and discontinued if no named user can be identified. Access to all DIT computing resources will only be granted upon completion of the procedures outlined in the User access setup and review of user accounts section, outlined above.

5.4 E-mail

When using e-mail, users should refer to

The following security matters apply to e-mail. All users should issue a disclaimer as part of their configuration. Bulk e-mailing and the creation of unauthorised contracts should also be avoided.

All mail sent to should be checked frequently by a mail system administrator.

Mail systems must be set up so as to prevent relaying from outside the domain to outside the domain except when the incoming connection has been properly authenticated as coming from an authorised user.

The Institute should make use of reputable block-listing sites for configuring our mail systems to minimise the amount of spam delivered to the DIT users. Consideration will be given to implementing other techniques such as grey listing or content filtering and the latest anti-spam technologies, including the possibility of outsourcing these functions.

All relevant legislation must be considered when scanning the content of e-mails, whether for virus protection or for other reasons, and IS will endeavour to ensure all users are aware of the conditions that their incoming and outgoing e-mails might be monitored.

IS are aware that e-mail is likely to be mission-critical and will endeavour to take appropriate measures to protect the facility from being completely, or partially, disabled through malicious or accidental action.

Please refer to the Home Usage Policy - Webmail and be familiar with the policy on e-mail before accessing e-mail via DIT Webmail. These details are available in the more detailed DIT IS Organisational Security Policies document.

5.5 File Storage

All users should have access to the centrally managed networked file storage. When using this facility, users should refer to

It should be appreciated that for most applications the security of files on the server is considered to be adequate. However, files held on a networked file storage should never be considered completely secure. For this reason Information Services do not recommend that you hold sensitive information such as exam papers or results on any networked file server.

5.6 Web Pages

All users and sections have the right to publish web pages under the appropriate sub domain of dit.ie. Individual users and managers will be identified and be responsible for content in these areas and the Institute reserves the right to remove access to any material which it deems inappropriate, illegal or offensive. Users should not in any way use web space for commercial purposes.

This policy applies to all DIT hosted web sites, e.g. fp6-project-icing.eu, approved through the Domain Naming Policy. For further details on this, please refer to

Users shall not in any way use web space to publish material which deliberately undermines IT security at the Institute or elsewhere. Users shall not publish any information regarding open accounts, passwords, PINs, illegally obtained software licenses, hacking tools, common security exploits or similar unless there are specific and legitimate reasons to do so, e.g. in order to demonstrate a problem to enable a fix, or similar.

5.7 Internet Access

The campus network is connected to the Internet via HEAnet. Information Services operate and maintain a firewall with the aim of protecting the campus network and Computer systems from unauthorized or illegal access or attack from the external environment.

For further details on the policies surrounding the use of the Internet, please refer to the HEAnet Acceptable Usage Policy, the DIT Internet Usage Policy and the Declaration of Agreement to Comply with Internet Usage & Remote Access Policies, all located in the DIT IS Organisational Security Policies document.

5.8 Campus Network

Individuals must seek permission from local support representatives before connecting any machine to the LAN. Information Services may disconnect any unauthorised host from the network without warning if discovered.

5.9 Firewall Security Policy

The DIT firewall is a fundamental component in the overall security architecture of DIT. Firewall configuration demands skill from the firewall administrators, requiring a considerable understanding of network protocols and computer security. Improper configuration or mismanagement of the firewall can render a firewall worthless as a security tool.

The firewall secures the perimeter of the DIT network. All connections from the Internet to internal DIT address space must first pass through the firewall. A Default Deny policy is in operation on the firewall where the default condition of the firewall is to deny ALL connectivity - from anywhere, to anywhere.

Exceptions to the firewall policy must be requested using the Internet Server Service Registration Form available at

Outgoing Connections

These are connections to machines and services external to DIT from machines within DIT. The policy is default deny. All connections to machines and services external to the DIT from machines within DIT are generally allowed with the exception of:

- Connections which would conflict with other information systems policies.
- Connections from machines at DIT that are known to be insecure.
- Any other connections which represent an unnecessary security risk to DIT.

Incoming Connections

These are connections to machines and services within DIT from machines outside DIT. The policy is default deny. Connections to machines and services within DIT from machines external to DIT will not be allowed unless they have first been approved by the CISO. Approval will be based on the following criteria:

- The connection is required for DIT business.
- The connection does not represent an unnecessary security risk to DIT.
- The connection does not use an insecure protocol where a more secure alternative exists.
- The connection does not involve unnecessary replication of functionality.
- The cost of implementing the exception is proportional to the benefit to DIT.

For more details on the configuration of the firewall in DIT and the process for approval, please refer to the Firewall policy contained in DIT IS Organisational Security Policies.

6 Information Systems Maintenance & Technical Vulnerability Management

Patch Management

The purpose of this policy is to ensure computer systems attached to the network in DIT are updated accurately and timely with security protection mechanisms (patches) for known vulnerabilities and exploits. These mechanisms are intended to reduce or eliminate the vulnerabilities and exploits with limited impact to the business.

All security patches must be applied as soon as possible after their release and a log of the status of all patches will be recorded.

A more detailed policy on patch management in DIT is available in the Patch Management Policy in the DIT IS Organisational Security Policies document.

Remote Access to Systems

Remote access is defined as accessing systems from a physically separate network. This may include:

- Connections direct across the Internet
- VPN Connections
- Direct dial connections via approved service providers
- Other methods

Any user with a valid Dublin Institute computer account may access systems as appropriate. Remote access is allowed via secure methods only. Remote connections to any campus IT services are subject to the same rules and regulations, policies and practices just as if they were physically on the campus.

VPN facilities are generally provided to IT staff for the purpose of remote systems administration. The preferred approach for suppliers who support applications remotely is via the VPN and occasionally direct through the firewall on a case by case basis.

Information Services should provide the only VPN and dial-in service that can be used. All connections via these services will be logged. No other remote access service shall be installed or set up, including single modems connected to servers or workstations. Any active dial-in services found to be in existence will be removed from the network.

For further details on the policies surrounding remote access, please refer to the DIT Remote Access Policy and the Declaration of Agreement to Comply with Internet Usage & Remote Access Policies in the detailed DIT IS Organisational Security Policies document. This policy and associated declaration contain details relating to remote access exceptions, remote devices and third party accounts.

6.1.3 Anti-Virus Security

Information Services will provide means by which all users can download and install current versions of site-licensed virus protection software.

Users must ensure that they are running with adequate and up-to-date anti-virus software at all times. If any user suspects viral infection on their machine, a complete virus scan should be performed. If Information Services detect a machine behaving abnormally due to a possible viral infection it will be disconnected from the network until deemed safe. Reconnection will usually be after liaison with the owner or local supporter.

In the event of a serious widespread virus attack emergency procedures will be invoked. This will ensure the immediate action by all relevant IT Staff to ensure the security of Institute Informational resources through viral scan and disconnection.

For further details on the anti-virus policies and procedures in operation in DIT, please refer to the DIT Anti-Virus Policy in the DIT IS Organisational Security Policies document. This contains information relating to product definition updates, file transfer and service level agreements.


More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics

More information

Information Security Management. Audit Check List

Information Security Management. Audit Check List Information Security Management BS 7799.2:2002 Audit Check List for SANS Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SPS (FW), IT Security Consultant. Approved by: Algis Kibirkstis Owner: SANS Extracts

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY INFORMATION GOVERNANCE POLICY: NETWORK SECURITY Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 1.2 Approved by: Information Governance Group Approval Date:

More information

Incident Response Plan for PCI-DSS Compliance

Incident Response Plan for PCI-DSS Compliance Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Guidelines for smart phones, tablets and other mobile devices

Guidelines for smart phones, tablets and other mobile devices Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance Remote Access and Mobile Working Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Remote Access and

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

DMA Information Security Management Requirements January 2012. DMA Standard: produced for the protection of electronic information.

DMA Information Security Management Requirements January 2012. DMA Standard: produced for the protection of electronic information. January 2012 DMA Standard: produced for the protection of electronic information. INTRODUCTION Information within an organisation can take many paths and can be used for many varied purposes. This data

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Network Security Policy

Network Security Policy Network Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 9.1 USE SECURITY AREAS TO PROTECT FACILITIES 1 GOAL Do you use physical methods to prevent unauthorized access to your organization s information and premises? 2 GOAL Do you use physical methods to prevent

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Use of Exchange Mail and Diary Service Code of Practice

Use of Exchange Mail and Diary Service Code of Practice Use of Exchange Mail and Diary Service Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the Exchange mail and diary service. References are

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy I. PURPOSE To identify the requirements needed to comply with

More information

University of Northern Colorado. Data Security Policy for Research Projects

University of Northern Colorado. Data Security Policy for Research Projects University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

IT Security Standard: Remote Access to Bellevue College Systems

IT Security Standard: Remote Access to Bellevue College Systems IT Security Standard: Remote Access to Bellevue College Systems Introduction This standard defines the specific requirements for implementing Bellevue College policy # 5250: Information Technology (IT)

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Working Together Aiming High!

Working Together Aiming High! Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

ELECTRONIC INFORMATION SECURITY A.R.

ELECTRONIC INFORMATION SECURITY A.R. A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

Use of The Information Services Active Directory Service (AD) Code of Practice

Use of The Information Services Active Directory Service (AD) Code of Practice Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Document Type Doc ID Status Version Page/Pages. Policy LDMS_001_00161706 Effective 2.0 1 of 7 Title: Corporate Information Technology Usage Policy

Document Type Doc ID Status Version Page/Pages. Policy LDMS_001_00161706 Effective 2.0 1 of 7 Title: Corporate Information Technology Usage Policy Policy LDMS_001_00161706 Effective 2.0 1 of 7 AstraZeneca Owner Smoley, David Authors Buckwalter, Peter (MedImmune) Approvals Approval Reason Approver Date Reviewer Approval Buckwalter, Peter (MedImmune)

More information

Standard Information Communications Technology. Multifunction Device. January 2013 Version 2.2. Department of Corporate and Information Services

Standard Information Communications Technology. Multifunction Device. January 2013 Version 2.2. Department of Corporate and Information Services Standard Information Communications Technology January 2013 Version 2.2 Corporate and Information Services Document details Document Title Contact details File name Version 2.2 Date issued January 2013

More information

Data Network Security Policy

Data Network Security Policy Authors: Mike Smith Rod Makosch Network Manager Data Security Officer IM&T IM&T Version No : 1 Approval Date: March 2005 Approved by : John Aird Director of IM&T Review Date : 1 April 2006 Trust Ref: C7/2005

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Information Technology Policy and Procedures

Information Technology Policy and Procedures Information Technology Policy and Procedures Responsible Officer Author Ben Bennett, Business Planning & Resources Director Policy Development Group Date effective from April 2005 Date last amended February

More information

Ixion Group Policy & Procedure. Remote Working

Ixion Group Policy & Procedure. Remote Working Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Information Technology Branch Access Control Technical Standard

Information Technology Branch Access Control Technical Standard Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,

More information