COMPUTER NETWORK SECURITY
- Bruno Smith
- 7 years ago
COMPUTER NETWORK SECURITY

Final

Distribution
IT Service Delivery Manager (Mouchel)
Corporate Director Strategy, Governance & Performance
Partnership Delivery Manager (Mouchel)

Lynda Baker Audit Manager
Rick Allen IT Auditor

JULY 2009

MKC INTERNAL AUDIT SERVICE
COMPUTER NETWORK SECURITY
AUDIT REPORT E561/09/HW JULY 2009

EXECUTIVE SUMMARY

1 INTRODUCTION

1.1 Background

As part of the Internal ICT Audit programme for the financial year 2008/09, an audit review has been performed on Computer Network Security. The review has focussed upon the key controls in place to ensure the secure provision of computer network services to the business.

The network comprises primarily computer hardware and software in the form of cabling and network communications equipment, as well as the Microsoft Windows network operating system software. Computer networked services provide the platform on which to install and use IT systems such as the revenues and benefits system, and to access the Internet for e-mail and web browsing.

The network is an essential part of the fabric of the communications strategy and the absence of the network would severely hinder the ability to provide essential services to the local population. The security of the network is therefore essential to the effective day-to-day operation of the Council.

1.2 Objectives and Scope

The objectives of the audit were to ensure that:

a) Controls have been established in relation to the provision of computer network services, including firewall software/hardware.
b) Security controls are in place for the e-mail system, including content filtering.
c) Security controls are in place for anti-virus protection covering laptops, PCs, and servers.

Key: 1=Poor, 3=Good

2 AUDIT OPINION

Satisfactory - Controls are considered adequate with some areas of weakness that are not major risk areas.

3 CONCLUSIONS

3.1 Anti virus software has been installed and is maintained on Authority IT equipment in accordance with standards and accords with good practice, as reflected by the findings within the management action plan of this report.

3.2 Five areas of weakness within existing controls have been identified where audit recommendations could further reduce risks to the organisation. A summary of the two areas of weakness that carry an important risk weighting are as follows:

- weaknesses in the computer network access control process have been identified relating to starters, leavers and access roles/profiles - risk of unauthorised access; and
- policy, processes and procedures governing the secure transfer of data beyond the physical boundaries of Council premises and the computer network have not been formally defined and implemented - risk of breach of legislation and regulations.

4 WAY FORWARD

4.1 All recommendations are in the Management Action Plan (Page 4).

4.2 Two recommendations made in this report carry an Important weighting indicating that implementation is required within a short period of time to address weaknesses that seriously undermine the control of the network. Three other recommendations carry a standard weighting indicating that management need to take recommended action within a reasonable period to address the issues identified for control improvements.

5 GOOD INTERNAL CONTROLS FINDINGS SUMMARY

The following areas were tested and confirmed as having good internal controls with no problems to report:

5.1 E-mail Content Filtering against Security Policy

The GFI Mail Essentials v12 and GFI Mail Secure v8.1 software solutions have been implemented to filter and block inappropriate content and a legal disclaimer is automatically appended to all e-mails sent from the Council.

5.2 Protection against Malicious Software

Anti-virus computer software has been installed and is maintained on all Authority IT equipment and all users are advised when a significant virus risk is identified.

5.3 Control over Installation of Computer Software

Desktop PC computers have been restricted to ensure users of the equipment cannot install software onto the systems without prior authorisation from management. Any additional software to be installed is actioned through the ICT Change Management process that includes the submission of a formal change request with the business justification and must gain management approval before an engineer will complete the installation.

MANAGEMENT ACTION PLAN

The recommendations are categorised on the following basis:

Essential - Implementation is required with immediate effect to address a weakness that fundamentally undermines the control of that system.
Important - Implementation is required within a short period of time to address weaknesses that seriously undermine the control of that system.
Standard - Management need to take recommended action within a reasonable period to address weaknesses that may undermine system control.

1. Network Access Control

Findings: The following issues have been identified that present a risk of unauthorised access to the computer network:
a) The officer authorising a Network Access Authorisation Form is not checked and verified against a list of approved officers.
b) Managers do not always inform the IT department if an officer leaves the Council and this could result in such access being un-restricted for several months.
c) Network access roles of officers transferring jobs within Council are not updated on a timely basis.
Note: when a new starter begins they are allocated similar access to someone else in their team (who may not have an accurate profile).

Risk/Implication: Unauthorised access to the computer network could be used to gain access to systems that store and process sensitive/critical data that could result in malicious damage and unplanned costs being incurred as a result of a breach in security.

Category: Important

Recommendation: A review of computer network access controls should be performed. The review should feed into the production of an identity management strategy that could include the possibility of joint working between HR and IT for the addition/update/removal of user access to the network and key systems.

Management Comments: A review of computer network access controls has been performed and a project is currently underway to implement a new system to increase the overall level of control. The system is due to be trialled during July 2009 and will be rolled out thereafter if successful.

Manager Responsible & Target Date: 31/8/09

2. Security of Data in Transit

Findings: The IT User Security Policy does not make provision for the transmission of confidential data. No policy on the encryption for the transmission of confidential data exists.

Risk/Implication: Breach of legislation and regulations governing security of data that could result in damage to the reputation of the Council and significant costs incurred as a result of fines and remedial action to address any breaches in data security.

Category: Important

Recommendation: Council policy should be updated to address the security of data transferred beyond the physical boundaries of the Council and the computer network.

Management Comments: The IT & Telecommunications User Security Policy has been updated to include section specifically detailing Special Care with Council Data and use of memory sticks and other portable/exchangeable media.

Manager Responsible & Target Date: Implemented

3. Network Security Incident Management

Findings: No evidence could be provided of a formal process for reporting, investigating and resolution of network security incidents.

Risk/Implication: Uncoordinated and inconsistent approach to security incident management resulting in poor use of resources and failure to take appropriate action.

Category: Standard

Recommendation: A network security incident management process and procedures should be established and formally approved by management.

Management Comments: A formal security incident management process has been established as part of the requirements for ensuring compliance with the GCSx code of connection.

Manager Responsible & Target Date: Implemented

4. Network Infrastructure Technical Security

Findings: The following issues have been identified in relation to the technical security configurations of network devices and the firewall that present a risk of unauthorised access to the computer network:
a) No explicit rules govern the connection of computer equipment to the network (e.g. the use of MAC address filtering).
b) Network communications switches allow the connection of any IT hardware devices. No routine checks are performed to detect if there are any unauthorised attachments to the network.
c) Access to the device configuration menus for network routers is gained via a generic logon which all administrators use.
d) The firewall has not been configured to detect excessive network traffic from any one particular source (DoS Attack).
e) A formal process for documenting the topology of the computer network has not been established.
f) An external security test of computer network security, also known as a penetration test, has not been performed since the previous network security audit (August 2004).

Risk/Implication: Weaknesses in technical security configuration and control increase the risk of unauthorised access to the network and abuse of services.

Category: Standard

Recommendation: A review of technical security configurations and controls should be performed to address the following areas:
a) Firewall - excessive network traffic detection.
b) Switches - rules to govern the connection of equipment to the network.
c) Routers - investigate audit trails in relation to generic logon access.
d) Documentation - implement a formal process for documenting the network topology.
e) Penetration Test - obtain costs and schedule an external security test of network security.

Management Comments: A review of technical security configurations and controls has been performed as part of the requirements for GCSx Code of Connection. The Authority is now protected by two firewall devices. ICT now have three quotes from third party organisations to perform a network security penetration test and will be selecting a preferred supplier during July

Manager Responsible & Target Date: Implemented.

5. Telecomms Security Policy

Findings: The Telecomms Security Policy states that it will be updated every 12 months. The last review and update was performed in February 2007 and is therefore overdue. It is acknowledged that the Policy was under review at the time of the audit however an up to date version has not yet been issued.

Risk/Implication: Misinterpretation or confusion over the correct meaning of instructions and failure to comply with Council policy.

Category: Standard

Recommendation: The review of the Telecomms Security Policy should be concluded and the revised Policy issued as soon as practicable.

Management Comments: The IT and Telecommunications User Security Policy has now been updated and is published on the Intranet for users to view.

Manager Responsible & Target Date: Implemented

NB Any cost implications arising from implementation of the recommendations by Mouchel must be agreed in advance with the appropriate Client Officer and the Partnership Delivery Manager.
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationRemote Access and Home Working Policy London Borough of Barnet
Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and
More informationT141 Computer Systems Technician MTCU Code 50505 Program Learning Outcomes
T141 Computer Systems Technician MTCU Code 50505 Program Learning Outcomes Synopsis of the Vocational Learning Outcomes * The graduate has reliably demonstrated the ability to 1. analyze and resolve information
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationDBC 999 Incident Reporting Procedure
DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationAberdeen City Council IT Asset Management
Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationPATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationRemote Access and Network Security Statement For Apple
Remote Access and Mobile Working Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Remote Access and
More informationInformation Security Policy. Chapter 10. Information Security Incident Management Policy
Information Security Policy Chapter 10 Information Security Incident Management Policy Author: Policy & Strategy Team Version: 0.4 Date: December 2007 Version 0.4 Page 1 of 6 Document Control Information
More informationMANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011. Version 2.0
MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011 Version 2.0 Western Health and Social Care Trust Page 0 of 6 Management of User Accounts Policy Policy Title MANAGEMENT OF USER ACCOUNTS AND
More information1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed.
Service Definition Technical Security Review Overview of Service Considering the increasing importance of security, the number of organisations that allow for contingency in their Information Security
More informationLEASEHOLD MANAGEMENT & SHARED OWNERSHIP; INCLUDING SERVICE CHARGES
LEASEHOLD MANAGEMENT & SHARED OWNERSHIP; INCLUDING SERVICE CHARGES Final Distribution Director of Housing Services Home Ownership Manager Insurance Risk Manager Head of Finance Audit Manager, Audit Commission
More informationBest Value toolkit: Information management
Best Value toolkit: Information management Prepared by Audit Scotland July 2010 Contents Introduction 2 The Audit of Best Value 2 The Best Value toolkits 4 Using the toolkits 4 Auditors evaluations 5 Best
More informationSummary Electronic Information Security Policy
University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture
More informationData Transfer Policy. Data Transfer Policy London Borough of Barnet
Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).
More informationFINAL. Internal Audit Report. Data Centre Operations and Security
FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationUsing a Firewall General Configuration Guide
Using a Firewall General Configuration Guide Page 1 1 Contents There are no satellite-specific configuration issues that need to be addressed when installing a firewall and so this document looks instead
More informationColeg Gwent. Wireless Audit. Internal Audit Report (2.10/11) 23 May 2011. Overall Opinion: Amber Green
Coleg Gwent Wireless Audit Internal Audit Report (2.10/11) 23 May 2011 Overall Opinion: Amber Green Coleg Gwent CONTENTS Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 10 Debrief
More information