NETWORK SECURITY GUIDELINES

Size: px
Start display at page:

Download "NETWORK SECURITY GUIDELINES"

Transcription

1 NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus DAT files are updated automatically on configured machines; plus the current DAT files are placed on the GST BOCES Helpdesk menu for the end users to update their software manually. It is the shared responsibility of the end users, GST BOCES LAN staff, and the school district IT staff to make sure the anti-virus on the PC s is current. All (incoming and outgoing) is scanned for viruses. All file servers are scanned for viruses. INCIDENT HANDLING OF VIRUSES It is the shared responsibility of the end-users, GST BOCES LAN staff, and the school district IT staff to ensure that all computers are free of viruses and also to keep the anti-virus DAT files updated on computers. GST BOCES Computer Services staff will have information about anti-virus software and procedures available at Viruses infected s will be deleted automatically by the Anti-Virus programs. Virus files found on any file server will be immediately investigated and eradicated by GST BOCES LAN and/or school district IT staff. SECURITY OFFICER The CSC security team functions as the security officer for the GST BOCES regional network. The security team sets procedures and guidelines for all matters involving network security. The CSC security contact person, as appointed by the manager of CSC, will be responsible for keeping current and knowledgeable on CERT advisories and keep abreast of security exploits. The security contact person is responsible for handling and addressing any reported security incidents. BANNER/WARNINGS All network connected computer workstations should display a warning banner with an authorized user, appropriate use message prior to network login. NETWORK ADDRESSING AND NETWORK DEVICE CONNECTIONS Computer network addressing will be implemented and maintained only by the appropriately authorized school district technology staff and the GST BOCES Computer Services staff. Any and all connections of computer network equipment to the school district and GST BOCES regional WAN (Wide Area Network) will be coordinated with authorized school district technology staff, implemented and executed by GST BOCES Computer Services staff, or by authorized school district technology staff under the guidance/direction/approval of GST BOCES Computer Services staff and/or school district IT staff.

2 There will be an agreement and assigned responsibility between the contracting school district, a vendor or individual requesting network access, and the GST BOCES Computer Services staff for updating any server operating systems applying (OS) service packs and patches, anti-virus patches, and security patches. This includes any remotely attached devices R ACCEPTABLE USE POLICY It is the recommendation of the GST BOCES security team that each school district have a Board approved Acceptable Use Policy including Internet Safety Policy language complying with CIPA legislation. The GST BOCES security team is available as a resource for school districts when composing these Acceptable Use Policies. Appropriate disciplinary action for users that violate the policy will be reviewed and handled on a case-by-case basis by the school district Superintendent, Supervisor, CSC Manager, school district Technology Director, and/or designee. DATA BACKUP AND RECOVERY The GST BOCES Computer Services center will be responsible to implement and support a data backup solution for all network data on the GST BOCES regional wide area network. The GST BOCES Computer Services staff will make every effort to backup all network data on a daily basis. Any and all data located on local drives is the responsibility of the end user. In situations where school district staff are responsible for the execution and maintenance of the daily data backups locally, GST BOCES Computer Services staff cannot be held responsible for the integrity of the backups. It is the responsibility of all systems administrators and school district Technology Directors to notify the GST BOCES backup administrator of any new network file areas and data requiring backup. The GST BOCES Computer Services staff can retrieve network data from these backups up to 30 working days old. Requests are taken by the GST BOCES Helpdesk, and are handled on a case by case basis. It is the recommendation of the GST BOCES Computer Services staff that backup media going back for one week be stored off site for disaster recovery purposes. OUTSIDE REQUESTS FOR NETWORK INFORMATION Details concerning the GST BOCES regional wide area network configuration are considered confidential; therefore, it is the recommendation of the GST BOCES security team that network information be given out over the phone or via only when appropriate. PROCEDURE FOR ADDING, CHANGING, OR DELETING NETWORK ACCOUNT ACCESS It is the school district s responsibility to collect a completed User Authorization form for any network account created. Network accounts will not be created without a signed GST BOCES Staff User Authorization Form. All requests to modify or delete accounts and/or change access must be authorized by the district Technology Director or their district designee. Requests for transfer of data must be authorized by the district of data ownership. Any forms received by GST BOCES will be kept on file.

3 GUIDELINES FOR NETWORK ACCOUNT PASSWORDS Network passwords should be required to be changed periodically. Passwords should be at least 5 characters. Passwords should be memorized and never be written down. Passwords should never be shared. Passwords should be a mix of alphanumeric characters and not form any real word. Passwords should not be names or dates easily identified with the end user. Passwords should not be same as username. Password standards do not apply to generic accounts. Staff who actively sync the district system with a personal device (i.e. smartphone, tablet, etc.) must create and employ a manually entered PIN (numeric, non-swipe, personal identification number). PASSWORD ADMINISTRATION System administrators can periodically scan the password files for weak passwords. Any weak password information (name, initials, children s names, etc.) found will be passed on to the Administrator of Computer Services or to the district Technology Director who will work with other technical and district staff for appropriate action. When the end user forgets their network/ password, the procedure is for them to call the GST BOCES Help Desk, school district s Technology Director, or appropriate district staff to request the change. For all other systems, they should call the application support person (MUNIS, SASI, Mandarin, etc.). Anyone requesting temporary, substitute, or special access staff members are required to follow a GST BOCES or district-approved procedure for obtaining access. SUSPECTED STAFF MISCONDUCT/SECURITY BREACH By specific request of a school district s Technology Director or a school district Superintendent made by phone or to the CSC Computer Center Manager or the Administrator of Computer Services, a user s account will be disabled. By specific request of a school district s Technology Director or a school district Superintendent made by phone or to the CSC Computer Center Manager or the Administrator of Computer Services, access will be given to a user s network drive area and/or their account for review by specified district personnel. Network information, accounts, and data are not considered private and can be monitored, when requested, by authorized school district personnel. Network data is considered the property of the corresponding school district and access to that data will be given only when authorized by appropriate school district personnel.

4 WIRELESS ACCESS Any wireless access point that is installed on the school district and GST BOCES Regional Network must be secured. Recommendations include: MAC address filtering enabled (whenever feasible) Turn off the Broadcast SSID Turn on Encryption Use secure authentication method for clients (802.1X) SECURITY BREACH All users should report any suspected security breach to their immediate supervisor or teacher. Supervisors will contact the Computer Services Center Manager or their school district Technology Director in the event of a suspected breach. On a case by case basis, CSC Manager, school district Technology Director, Supervisor, and/or other involved parties will discuss appropriate consequences. Security personnel will monitor the system for security breaches; will record and track suspected breach incidents; and will notify school district personnel of any suspected breach. REMOTE ACCESS Any remote access to the school district and GST BOCES Regional Wide Area Network will be allowed based on approval from both school district Technology Director and the GST BOCES Computer Services Manager or Administrator of Computer Services. VENDOR REMOTE ACCESS Vendor remote access is defined as allowing vendor access via a network connection into the school district and GST BOCES Regional Wide Area Network in order to maintain and monitor various vendor applications and servers. Remote access for vendors will be based on approval from both appropriate district supervisory staff and the GST BOCES Computer Services Manager or designee, according to the following suggested criteria. Requested access will be used for monitoring of vendor hardware only; any misuse of the equipment, or determination by GST BOCES Computer Services staff or school district IT staff of a security risk will result in termination of the agreement. Options for vendor remote access: 1. GST BOCES Computer Services staff will provide a VPN solution to the vendor; 2. Vendor can provide a static IP (permanent) address; and GST BOCES Computer Services staff/ authorized school district staff will open a specified port for access by the vendor; unless GST BOCES Computer Services staff determines that this method would pose a security risk to the network; and

5 3. For a specified time, GST BOCES Computer Services staff/authorized school district staff will open a specified port for access by the vendor and close that access when no longer needed; unless GST BOCES Computer Services staff determines that this method would pose a security risk to the network. Whenever appropriate the vendor s application will be housed in the DMZ (demilitarized zone). There will be an agreement and assigned responsibility between the contracting school district, the vendor, and the GST BOCES Computer Services staff for updating any server operating systems applying (OS) service packs and patches, anti-virus patches, and IIS security patches, this includes any remotely attached devices. PHYSICAL SECURITY It is the recommendation of the GST BOCES Computer Services staff that the transferring of any school district student, financial, or personnel data from the GST BOCES Wide Area Network, to any other removable media, should be approved in writing by a Building administrator, immediate supervisor, or Technology Director of the school district. It is also the recommendation of the GST BOCES Computer Services staff that any requests for transfers of school district data from any outside source or vendor should be approved in writing by a building administrator, immediate supervisor, or Technology Director of the school district. Requests from law enforcement will be communicated to GST BOCES District Superintendent and appropriate component school district Superintendent. Approved: December 1, 2003 Revised and Approved: February 9, 2004; October 4, 2004; December 13, 2007; Sept. 11, 2014 Nov. 13, 2014

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

SECURITY MANAGEMENT IT Security Policy (ITSP- 1)

SECURITY MANAGEMENT IT Security Policy (ITSP- 1) SECURITY MANAGEMENT IT Security Policy (ITSP- 1) 1A Policy Statement District management and IT staff will plan, deploy, and monitor IT security mechanisms, policies, procedures, and technologies necessary

More information

CITY OF BOULDER *** POLICIES AND PROCEDURES

CITY OF BOULDER *** POLICIES AND PROCEDURES CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Network Security & Connection Policy

Network Security & Connection Policy Network Security & Connection Policy Effective from 17 February 2015 Version Number: 2.0 Author: Network Manager, IT Services Document Control Information Status and reason for development Revised to reflect

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

DHHS Information Technology (IT) Access Control Standard

DHHS Information Technology (IT) Access Control Standard DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of

More information

1B1 SECURITY RESPONSIBILITY

1B1 SECURITY RESPONSIBILITY (ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Computer Security Policy (Interim)

Computer Security Policy (Interim) Computer Security Policy (Interim) Updated May, 2001 Department of Information Systems & Telecommunications Table of Contents 1. SCOPE...1 2. OVERVIEW...1 3. RESPONSIBILITIES...3 4. PHYSICAL SECURITY...4

More information

Secondary DMZ: DMZ (2)

Secondary DMZ: DMZ (2) Secondary DMZ: DMZ (2) Demilitarized zone (DMZ): From a computer security perspective DMZ is a physical and/ or logical sub-network that resides on the perimeter network, facing an un-trusted network or

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting

More information

USFSP Network Security Guidelines

USFSP Network Security Guidelines USFSP Network Security Guidelines Table of Contents I. Access to Data II. Workstations and Personal Computers A. Computer Viruses B. Software C. Hardware D. Storage Media III. Local Area Networks (LANs)

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

MN-700 Base Station Configuration Guide

MN-700 Base Station Configuration Guide MN-700 Base Station Configuration Guide Contents pen the Base Station Management Tool...3 Log ff the Base Station Management Tool...3 Navigate the Base Station Management Tool...4 Current Base Station

More information

Enterprise K12 Network Security Policy

Enterprise K12 Network Security Policy Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,

More information

Please note that in VISA s vernacular this security program for merchants is sometimes called CISP (cardholder information security program).

Please note that in VISA s vernacular this security program for merchants is sometimes called CISP (cardholder information security program). Introduction This document serves as a guide for TCS Retail users who are credit card merchants. It is written to help them become compliant with the PCI (payment card industry) security requirements.

More information

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY INFORMATION GOVERNANCE POLICY: NETWORK SECURITY Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 1.2 Approved by: Information Governance Group Approval Date:

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

University of Maryland Active Directory Policies

University of Maryland Active Directory Policies University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle

More information

Auburn Montgomery. Registration and Security Policy for AUM Servers

Auburn Montgomery. Registration and Security Policy for AUM Servers Auburn Montgomery Title: Responsible Office: Registration and Security Policy for AUM Servers Information Technology Services I. PURPOSE To outline the steps required to register and maintain departmental

More information

Security Policy for External Customers

Security Policy for External Customers 1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information

More information

University of Northern Colorado. Data Security Policy for Research Projects

University of Northern Colorado. Data Security Policy for Research Projects University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Payment Card Industry Self-Assessment Questionnaire

Payment Card Industry Self-Assessment Questionnaire How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Consensus Policy Resource Community. Lab Security Policy

Consensus Policy Resource Community. Lab Security Policy Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

Get Connected! How to Configure Your Computer for MITnet. Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista

Get Connected! How to Configure Your Computer for MITnet. Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista Get Connected! How to Configure Your Computer for MITnet Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista 2008 Massachusetts Institute of Technology Table of Contents Introduction...3 About

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

NETWORK INFRASTRUCTURE USE

NETWORK INFRASTRUCTURE USE NETWORK INFRASTRUCTURE USE Information Technology Responsible Office: Information Security Office http://ooc.usc.edu infosec@usc.edu (213) 743-4900 1.0 Purpose The (USC) provides its faculty, staff and

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Quick Installation Guide For Mac users

Quick Installation Guide For Mac users Quick Installation Guide For Mac users Packing List 1) IP CAMERA X 1 2) Wi-Fi Antenna (only available for wireless model) 3) DC Power Supply X 1 4) Network Cable X 1 5) Mounting bracket 1 6) CD X 1 (Include

More information

Accessing TP SSL VPN

Accessing TP SSL VPN Accessing TP SSL VPN This guide describes the steps to install, connect and disconnect the SSL VPN for remote access to TP intranet systems using personal notebooks. A. Installing the SSL VPN client Junos

More information

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Information Security Operational Procedures Banner Student Information System Security Policy

Information Security Operational Procedures Banner Student Information System Security Policy Policy No: 803 Area: Information Technology Services Adopted: 8/6/2012 Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides

More information

IT Security Procedure

IT Security Procedure IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

Dublin Institute of Technology IT Security Policy

Dublin Institute of Technology IT Security Policy Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Procedure Title: TennDent HIPAA Security Awareness and Training

Procedure Title: TennDent HIPAA Security Awareness and Training Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary

More information

Policy Title: HIPAA Security Awareness and Training

Policy Title: HIPAA Security Awareness and Training Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:

More information

ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010

ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 OBJECTIVE This Security Plan (the Plan ) is intended to create effective administrative, technical and physical safeguards for the protection

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

Quick Installation Guide-For MAC users

Quick Installation Guide-For MAC users Quick Installation Guide-For MAC users Packing List 1) IP CAMERA X 1 2) Wi-Fi Antenna (only available for wireless model) 3) DC Power Supply X 1 4) Network Cable X 1 5) Mounting bracket 1 6) CD X 1 (Include

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information

TECHNICAL VULNERABILITY & PATCH MANAGEMENT

TECHNICAL VULNERABILITY & PATCH MANAGEMENT INFORMATION SECURITY POLICY TECHNICAL VULNERABILITY & PATCH MANAGEMENT ISO 27002 12.6.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-12.6.1 Version No: 1.1 Date: 1 st

More information

FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY

FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY Authority: Category: Applies to: Chancellor, Fayetteville State University University-wide Faculty, Staff, and Students History: Approved on

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

DMA Information Security Management Requirements January 2012. DMA Standard: produced for the protection of electronic information.

DMA Information Security Management Requirements January 2012. DMA Standard: produced for the protection of electronic information. January 2012 DMA Standard: produced for the protection of electronic information. INTRODUCTION Information within an organisation can take many paths and can be used for many varied purposes. This data

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September

More information

Policies and Procedures

Policies and Procedures Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,

More information

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing for Sage MAS 90 and 200 ERP Credit Card Processing Version 4.30.0.18 and 4.40.0.1 - January 28, 2010 Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks

More information

Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1

Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1 Godley Primary School E-Security Policy 23/05/2014 Schools ICT Security Policy 1 E-Security Information systems (IS) play a major role in supporting the school s activities. The reliability, confidentiality

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

SAO Remote Access POLICY

SAO Remote Access POLICY SAO Remote Access POLICY Contents PURPOSE... 4 SCOPE... 4 POLICY... 4 AUTHORIZATION... 4 PERMITTED FORMS OF REMOTE ACCESS... 5 REMOTE ACCESS USER DEVICES... 5 OPTION ONE: SAO-OWNED PC... 5 OPTION TWO:

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Policy on Connection to the University Network

Policy on Connection to the University Network Policy on Connection to the University Network Revision History Version Date Changes 0.1 01/12/04 David Conway 0.2 02/12/04 David Conway 0.3 19/01/05 David Conway 0.4 21/01/05 David Conway 1.0 07/03/05

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

Implementation Guide

Implementation Guide Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University Potential Security Vulnerabilities of a Wireless Network Implementation in a Military Healthcare Environment Jason Meyer East Carolina University Abstract This paper will look into the regulations governing

More information

2.1.1 This policy and any future changes requires ratification by CAUDIT.

2.1.1 This policy and any future changes requires ratification by CAUDIT. 1.0 Background to this document 1.1 This document sets out guidelines that cover the control of the supply and receipt of Internet access for educational purposes, that is primarily (but not exclusively)

More information

INTERNET AND COMPUTER ACCEPTABLE USE POLICY (AUP)

INTERNET AND COMPUTER ACCEPTABLE USE POLICY (AUP) 4510.2 INTERNET AND COMPUTER ACCEPTABLE USE POLICY (AUP) The Board of Education is committed to the optimization of student learning and teaching. The Board considers computers to be a valuable tool for

More information