Christchurch Polytechnic Institute of Technology Access Control Security Standard
|
|
- Martha Reynolds
- 8 years ago
- Views:
Transcription
1 CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin Cmmunicatin Technlgy Divisin Security Plicy Security Standard, aligned with Security Standards Guidelines and Prcedures AS/NZS ISO/IEC 27001: 2006 fr Infrmatin Security Management
2 CPIT Crprate Services Divisin: ICT Cntents 1 INTRODUCTION ACCESS REQUIREMENTS ASSESSMENT Access Requirements Checklist ACCOUNT MANAGEMENT STANDARDS Accunt Registratin Standards Privileged Accunt Standards Accunt Mnitring Standards Accunt Clse-dwn Standards PASSWORD MANAGEMENT STANDARDS Passwrd Allcatin Standards Passwrd Settings Standards Remte Access Standards Access Cntrl Security Standard Page 2 f 12
3 CPIT Crprate Services Divisin: ICT Access Cntrl Security Standard Purpse This Standard defines the recmmended security practices fr accunt management and access cntrl including passwrd settings. In additin, this Standard defines acceptable practice fr remte access, use and management f hand held devices and laptps. This dcument sets the benchmark fr administering user and system accunts and the required settings t maintain the level f security required at CPIT. Authrised By: Dcument Owner ICT Directr Infrastructure Manager and Technlgy Manager Date f Issue: 15 March 2012 Review date: Nvember 2014 Versin: 2.4 References: This dcument shuld be read in cnjunctin with the ICT Security Plicy. In additin it shuld be read in cnjunctin with the fllwing ICT Security Standards: 1. ICT Asset and Media Management Standard 2. Human Resurces ICT Security Standard 3. Cmmunicatins and Operatins Management Standard 4. Physical and Envirnmental Security Standard 5. Infrmatin Systems Acquisitin, Develpment and Maintenance Security Standard Access Cntrl Security Standard Page 3 f 12
4 CPIT Crprate Services Divisin: ICT 1 INTRODUCTION These Access Cntrl Security Standards recmmend the security measures t cntrl access t infrmatin and cmputer systems at CPIT. The aim is t define a set f accunt management standards that will restrict access t authrised persnnel and safeguard the services and infrmatin at CPIT. Unauthrised access may expse the Institutin t security threats including data lss r result in the privacy f infrmatin being ignred, knwingly r unknwingly. These standards recmmend the security measures that the Institutin shuld cnsider acrss the fllwing areas f accunt management: The fllwing tpics are cvered: Access Cntrl Accunt Management Passwrd Management Remte Access Standards t determine the level f access required by individuals t reduce the risk f unauthrised access t infrmatin and systems. This includes an Access Cntrl checklist t assess access requirements t ICT systems and services, and prcesses t cntinually re-assess access requirements. Standards t cntrl access t ICT services and particularly recrd visitr access t ICT secure facilities. Security standards fr rbust accunt lifecycle management. This includes; accunt registratin (set-up), privileged accunts set up, accunt mnitring and accunt clse dwn. Standards t be applied when allcating passwrds and defining passwrd settings t reduce the risk f passwrd cmprmises. Passwrds are the primary authenticatin mechanism used t secure ICT services at CPIT. Standards utilised t prevent unauthrised access t the netwrk when cnnecting remtely t ICT services. Access Cntrl Security Standard Page 4 f 12
5 CPIT Crprate Services Divisin: ICT 2 ACCESS REQUIREMENTS ASSESSMENT An effective access cntrl practice reduces the risk f unauthrised access t infrmatin and systems. Prcesses are required t ensure that individuals gain the right level f access t cmplete their wrk, whilst ensuring the apprpriate level f prtectin is applied. This sectin recmmends the access cntrl standards fr determining the level f access t be prvided and the measures t be cnsidered t maintain security. Determining the apprpriate level f access required fr individuals, remte users r third parties, engaged at the Institutin. T simplify the prcess an 'Access Requirements Checklist' can be used which is designed t determine the apprpriate level f access required. 2.1 Access Requirements Checklist Ref Security Access Checklist 1 Determine the security requirements f the business applicatins r data surces they require access t. (Fr example, certain applicatins may nly require read-nly access). 2 Review any particular plicies regarding infrmatin disseminatin and authrisatin. It may be inapprpriate t permit access t specific areas. (Fr example check with Human Resurces r Finance befre granting access). 3 Review infrmatin classificatin and align access cntrl rights t match the classificatin f the infrmatin. (Fr example, review the data gvernance standards and any data that is deemed read-nly). 4 Review Third Party agreements that may impact n cntractrs remte access t infrmatin, if applicable. (Fr example cntractrs may nly be allwed access during an agreed perid f time and hence access is granted fr that time perid nly). 5 Review agreements that are established fr prvisin f ICT services t grups f users at certain times. 6 Review legal requirements that may need t be cnsidered. 7 Clarify the specific task the individual will be perfrming. 8 Manage authrisatin and apprval fr access t be granted. This checklist can als be used t determine grup access t infrmatin r systems at the Institutin. The end result shuld be a clear list indicating the level f access required fr the individual/grup t Why d this? perfrm their rle at the Institutin. Defining the level f access required is nt an event perfrmed nce. It shuld be a cntinuus prcess that is fllwed t maintain the right levels f access fr individuals r grups. Access Cntrl arrangements shuld be regularly reviewed A significant number f security incidents result frm inapprpriate access t infrmatin. Fllwing the checklist each time will remind staff t check access rights and nt make assumptins. Access Cntrl Security Standard Page 5 f 12
6 CPIT Crprate Services Divisin: ICT t ensure they meet the fllwing standards: Access is restricted t a level agreed by the infrmatin wners. Fr example, access rights t financial infrmatin needs t be agreed by financial infrmatin wners. Access is reviewed regularly t ascertain the right level f access has been maintained; this may be by prviding infrmatin wners with a list f thse wh have access fr their validatin. Access is reviewed in respnse t changing threats: a higher security threat r a change in security envirnment may necessitate a change in access cntrl. Access Cntrl Security Standard Page 6 f 12
7 CPIT Crprate Services Divisin: ICT 3 ACCOUNT MANAGEMENT STANDARDS Security standards and guidelines are required fr the lifecycle f Accunt Management. This includes frm initial registratin f an accunt thrugh t clsing dwn accunts. It is acknwledged that these standards will require assistance frm Human Resurces t infrm ICT when staff changes ccur including when staff change rle and start r leave the institutin. The bjective f this standard is t ensure that rbust accunt management standards are fllwed thrughut the accunt management lifecycle. The fllwing security cntrls are detailed: Accunt Registratin (Set-up f Accunts) Privileged Accunts Set Up Accunt Mnitring Accunt Administratin Accunt Clse dwn 3.1 Accunt Registratin Standards A frmal prcedure is fllwed t create a user accunt and permit access t ICT services. The fllwing cntrls are recmmended when creating accunts: The default access rights are set t 'nne' rather than 'read' fr all new accunts. Unique user IDs are required fr all accunts (this is typically enfrced thrugh Windws Active Directry in use at CPIT). User accunts are nt t be shared unless authrised by ICT and will nly be agreed n a case by case basis. The principles f using grups t access infrmatin rather than specifying individual accunt access shuld be fllwed as a default. Individual users are added t grups rather than have direct access t infrmatin. Access t ICT services are dependent upn the rle within the institutin; rle based access whereby access is prvided t the services yu need t cmplete yur wrk. Checking that the user accunt is assciated with the permissins agreed thrugh the Access Requirements Checklist identified in sectin 2.1. In particular the infrmatin wner has apprved access t the infrmatin r service. Define the number f failed accunt lg-in attempts befre requiring an accunt t be re-set. The Standard defined in sectin 4.2 sets this t be 5 attempted lgins befre lcking ut the accunt. Users are infrmed f their access rights and the prcess fr requesting a higher level f access t CPIT services as described within the Service Catalgue. Access is nt permitted until the authrisatin prcess has been cmpleted. Why are unique Ids s imprtant? This security cntrl is imprtant as it establishes a link between a user accunt, an individual and the access rights granted t that accunt. Withut unique user IDs, audit lgs cannt accurately recrd the activities f users and this culd prevent the Institutin frm being able t cmplete security audits and reinfrce disciplinary actin r prsecute fr cmputer abuse. Access Cntrl Security Standard Page 7 f 12
8 CPIT Crprate Services Divisin: ICT 3.2 Privileged Accunt Standards A privileged accunt is an accunt that has higher access rights than a standard user accunt. A privileged accunt can include thse within the infrastructure grup but it als may include thse wh administer netwrks, manage critical business applicatins, administer databases r accunts that have access t sensitive infrmatin. Privileged accunts require a higher degree f security than standard user accunts as these accunts present a higher security risk if the accunt is cmprmised. Higher degrees f security cntrls are required t supprt these accunts. The ICT Security Plicy reinfrces that higher privileged accunts are t fllw the standards belw: Privileged accunts are allcated t an individual n a 'need t use' basis r n an 'event by event basis. Nt all members f ICT will be given higher privilege access. Use system alerts t ntify when privileged accunts settings are changed r additinal privileged accunts are added t a privileged accunt grup. An authrisatin prcess must be agreed t apprve changes in accunt privileges; accunts shuld nt gain access t a higher privilege until apprval has been btained. Accunts that perate at a higher privilege level are unique and nt the same accunt that is used t access line f business applicatins. It is essential that privileged accunts are nt used fr day t day ICT use and are nt used when accessing the internet. Keep an eye n the privileged accunts It is imprtant t keep a clse eye n the privileged accunts within CPIT. An attacker will try t cmprmise a privileged accunt r add an accunt t the privileged accunt grup. T prtect yur business keep these accunts under tight cntrl and mnitr when accunts are added r remved. T enfrce a higher level f prtectin the fllwing security cntrls are recmmended fr CPIT user accunts. Accunt level Descriptin Examples f Cntrls User Accunt Access t business as usual applicatins and infrmatin. CPIT standard passwrd security. See sectin 4.2 High Privileged Accunts Includes Systems Administratin Accunts (Micrsft Admin, Unix rt) and database admin accunts. Strnger passwrd cmplexity by increasing passwrd length t greater than 12 characters. Fr services that d nt supprt 12 characters the highest number f characters is t be used. 3.3 Accunt Mnitring Standards Once accunts have been created and access rights agreed, it is imprtant t define security cntrls t mnitr and recrd accunt activity. Access Cntrl Security Standard Page 8 f 12
9 CPIT Crprate Services Divisin: ICT The fllwing accunt mnitring standards are recmmended: Accunt lgin attempts, successful and unsuccessful, are recrded fr an agreed perid f time t assist with any future accunt investigatins. Unsuccessful lgin attempts must be recrded and reviewed peridically t identify regular unsuccessful passwrd lgins. (This is imprtant as it can identify when passwrd cracking sftware is targeting an accunt ver a perid f time). Lg files cntaining accunt infrmatin must be secured apprpriately t prevent alteratins t hide the tracks f an attacker. Identify accunts fr deletin: accunts that have been 'disabled' are deleted after an agreed perid f time. The ICT Security Plicy stipulates that accunts disabled fr a perid f 6 mnths will be deleted. 3.4 Accunt Clse-dwn Standards T maintain security, accunts must be reviewed regularly and apprpriate measures established t clse dwn accunts when they are n lnger required. The fllwing security standards apply: Accunt access requirements are t be reviewed when the ICT Divisin is advised f the fllwing: Individual emplyee changes psitins within the Institutin, r Services are replaced r renewed. Accunts are t be disabled nce an emplyee's cntract at the Institutin has expired. An emplyee cessatin prcess has been defined within Human Resurce ICT Security Standard. T achieve this standard will require Human Resurces infrming ICT when staff leave r there is a change in an emplyment cntract. Once accunts have been disabled they are t be reviewed at the 6 mnth interval and any accunts n lnger needed are t be permanently deleted. Why clse dwn user accunts It is imprtant fr the preventin f unauthrised access t accunts that they are clsed dwn as sn as the user leaves the Institutin. Often intruders will use accunts that haven t been used fr a perid f time making detectin harder t identify as the accunt activity lks legitimate. Access Cntrl Security Standard Page 9 f 12
10 CPIT Crprate Services Divisin: ICT 4 PASSWORD MANAGEMENT STANDARDS Passwrds are the primary methd used at CPIT t validate a user's identity t access a service r system. It is imprtant t maintain sund passwrd management practices in allcating passwrds, passwrd settings and passwrd awareness practice. This sectin recmmends the security measures fr: Passwrd Allcatin Passwrd Settings 4.1 Passwrd Allcatin Standards Reference: Passwrd Management Plicy in sectin f the ICT Security Plicy. The allcatin f passwrds is t be cntrlled thrugh a frmal prcess which shuld include the fllwing standards: Users are made aware f the imprtance t maintain passwrd cnfidentiality thrugh the staff inductin prcess. Bth staff and students are t be reminded f the imprtance f keeping yur passwrd cnfidential thrugh an nging security awareness prgramme. When passwrds are first issued r a temprary passwrd is sent t a user they are required t be cnfigured s the user is frced t change their passwrd n next use. Passwrds are ideally nt t be seen r stred in clear text (including in-huse develped systems). It is recgnised that passwrds are first issued thrugh an ; this is acceptable practice as the passwrd will be changed n first use. Students are first made aware f their passwrd thrugh the enrlment prcess but are required t change their passwrd n first use. Temprary passwrds, issued when a user frgets their passwrd, need be prvided fllwing psitive identificatin f the user (apprpriate identificatin prcesses are agreed with ICT Service Desk staff). 4.2 Passwrd Settings Standards Passwrd cnstructin is t meet a high standard. Using passwrd settings that are lwer than thse recmmended will increase the risk f a security incident. Recmmended passwrd security settings are listed belw and shuld apply acrss all CPIT systems where the system can supprt the standard. If the system cannt meet the required passwrd setting the highest level f passwrd setting r cmplexity must be set. Set a passwrd histry t prevent users frm repeating passwrds. Recmmended level set t 24 passwrds befre allwing a repeat passwrd t be used. Passwrds s imprtant One f the mst frequently used and successful attack methds fr gaining system access is passwrd guessing, bth manual and autmated dictinary attacks. In bth cases the passwrd management plicy will help t ensure that the attack is unsuccessful by slwing dwn r preventing attempts at passwrd guessing. This may impact the calls t the ICT Service Desk but the security benefits utweigh the incnvenience. Access Cntrl Security Standard Page 10 f 12
11 CPIT Crprate Services Divisin: ICT Set a maximum passwrd age, this will set the number f days befre the user is prmpted t change their passwrd. This setting is applied t all passwrds. The ICT Security Plicy sets the length f time between passwrd changes. Set a minimum passwrd age, this will cntrl when a new passwrd can be changed. This is t prevent users frm changing a passwrd back t a passwrd they have used befre. A setting f 0 days is the recmmended standard t be fllwed. After 5 unsuccessful attempts t enter a passwrd the user accunt must be disabled. Users will need t cntact the ICT Service Desk t have access re-established. Set a minimum passwrd length fr the number f passwrd characters. This is as defined within the ICT Security Plicy. Set the passwrd cnstructin standard. Strng passwrds (smetimes referred t as cmplex passwrds) prvide a higher degree f prtectin. The ICT Security Plicy defines that passwrd cnstructin must fllw the strng passwrd standard. Strng passwrds are required t cntain characters frm at least three f the fllwing five categries: English uppercase (A-Z) English lwercase (a-z) Base digits (0-9) Nn-alphanumeric (fr example!@#$%^) Unicde Characters Passwrds that are stred n netwrk drives must be in a secure encrypted system. Enable the screen saver passwrd with a default setting as defined in the ICT Security Plicy, enfrcing users t re-enter their passwrds after a perid f inactivity. ICT services shuld be cnfigured t reduce further lgins nce a user has successfully lgged int the netwrk. This will reduce the number f passwrds users are required t remember. 4.3 Remte Access Standards This sectin prvides guidelines n the security cntrls t be cnsidered t prevent unauthrised access t the netwrk. These measures are in additin t the measures already discussed in the access cntrls standard. Security Standards fr remte access: A standard set f services are prvided fr staff and students t cnnect t ICT services, remtely. Requests fr alternative remte access services requires authrisatin by an apprpriate CPIT Manager r prject spnsr thrugh the ICT Service Desk. Only apprved cnnectin techniques are allwed. This will minimise the risk f a security incident ccurring. External cnnectins must be individually identified at least t the Organisatin level. Access Cntrl Security Standard Page 11 f 12
12 CPIT Crprate Services Divisin: ICT Access rights must be agreed and the level f access determined thrugh the access checklist, see sectin 2.1 Details f the remte access accunt shuld be kept recrding the fllwing infrmatin: When the accunt was created and why, Remte Access why wrry? External r remte user access t CPIT cmputer systems and netwrks must have the apprpriate authrisatin. This is t ensure that nly apprved and essential cnnectins are permitted. Access requirements (which part f the netwrk they have access t), Wh authrised the access, The methd utilised t cnnect t resurces, and The review date fr the remte access. With any remte access service there is an increased level f risk which needs t be explained, precautins undertaken and reviews made t keep ICT services secure. Any additinal Remte access services must be designed t: Restrict remte access traffic t specific parts f the netwrk (achieved thrugh firewalls, virtual LAN, web publishing services etc), Restrict access frm designated access pints, Verify the surce f the external cnnectin thrugh technlgy including using specific IP addresses. Third Party accunts must be reviewed at regular intervals (recmmend 6 mnths). Third Party accunts must be remved prmptly when n lnger required. Any dedicated equipment used t enable access including: ADSL ruters, data cards, etc, must be returned t ICT. This is the end f the Access Cntrl Standard This standard is ne f six standards that prvide advice and guidance n the best practices t fllw when using and accessing ICT services. The ther standards are available n the CPIT ICT intranet. Access Cntrl Security Standard Page 12 f 12
IT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationCPIT Aoraki Communications and Operations Management
This security standard refers t CPIT, which is the current legal name fr the new rganisatin established 1 January 2016 bringing tgether CPIT and Araki Plytechnic. Knwn as CPIT Araki the new rganisatin
More informationCPIT Aoraki ICT Asset and Media Security Standard
CPIT Araki Crprate Services Divisin: ICT This security standard refers t CPIT, which is the current legal name fr the new rganisatin established 1 January 2016 bringing tgether CPIT and Araki Plytechnic.
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationChange Management Process For [Project Name]
Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management
More informationCloud Services MDM. Windows 8 User Guide
Clud Services MDM Windws 8 User Guide 10/24/2014 CONTENTS Overview... 2 Supprted Devices... 2 System Capabilities... 2 Enrllment and Activatin... 3 Prcess Overview... 3 Verify Prerequisites... 3 Dwnlad
More informationIT CONTROL ENVIRONMENT ASSESSMENT AND RECOMMENDATIONS REPORT
Chairpersn and Subcmmittee Members AUDIT AND RISK SUBCOMMITTEE 6 AUGUST 2015 Meeting Status: Public Purpse f Reprt: Fr Infrmatin IT CONTROL ENVIRONMENT ASSESSMENT AND RECOMMENDATIONS REPORT PURPOSE OF
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationEA-POL-015 Enterprise Architecture - Encryption Policy
Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link:
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationPassword Reset for Remote Users
1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationIntroduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.
Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and
More informationAccess EEC s Web Applications... 2 View Messages from EEC... 3 Sign In as a Returning User... 3
EEC Single Sign In (SSI) Applicatin The EEC Single Sign In (SSI) Single Sign In (SSI) is the secure, nline applicatin that cntrls access t all f the Department f Early Educatin and Care (EEC) web applicatins.
More informationIntel Hybrid Cloud Management Portal Update FAQ. Audience: Public
Intel Hybrid Clud Management Prtal Update FAQ Audience: Public Purpse: Prepare fr the launch f the Intel Hybrid Clud Platfrm multi-user/multi-tier update Versin: Final FAQs What s new in the Intel Hybrid
More information5.2.1 Passwords. Information Technology Policy. Policy. Purpose. Policy Statement. Applicability of this Policy
Infrmatin Technlgy Plicy 5.2.1 Passwrds Plicy Area: 5.2 Security Title: 5.2.1 Passwrds Issued by: Assistant Vice-President/CIO, ITS Date Issued: 2006 July 24 Last Revisin Date: 2011 Octber 19 Apprved by:
More informationefusion Table of Contents
efusin Cst Centers, Partner Funding, VAT/GST and ERP Link Table f Cntents Cst Centers... 2 Admin Setup... 2 Cst Center Step in Create Prgram... 2 Allcatin Types... 3 Assciate Payments with Cst Centers...
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationScaleIO Security Configuration Guide
ScaleIO Security Cnfiguratin Guide 1 Intrductin This sectin prvides an verview f the settings available in ScaleIO t ensure secure peratin f the prduct: Security settings are divided int the fllwing categries:
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationName. Description. Rationale
Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationUnified Infrastructure/Organization Computer System/Software Use Policy
Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help
More informationHelpdesk Support Tickets & Knowledgebase
Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate
More informationMontana Acquisition & Contracting System (emacs) emacs Handbook. Vendor Registration and Data Management
Mntana Acquisitin & Cntracting System (emacs) emacs Handbk Vendr Registratin and Data Management Welcme The purpse f this emacs Handbk fr Vendr Registratin and Data Management is t prvide vendrs with the
More informationService Desk Self Service Overview
Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service
More informationBackupAssist SQL Add-on
WHITEPAPER BackupAssist Versin 6 www.backupassist.cm 2 Cntents 1. Requirements... 3 1.1 Remte SQL backup requirements:... 3 2. Intrductin... 4 3. SQL backups within BackupAssist... 5 3.1 Backing up system
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationSupersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5
Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet
More informationGETTING STARTED With the Control Panel Table of Contents
With the Cntrl Panel Table f Cntents Cntrl Panel Desktp... 2 Left Menu... 3 Infrmatin... 3 Plan Change... 3 Dmains... 3 Statistics... 4 Ttal Traffic... 4 Disk Quta... 4 Quick Access Desktp... 4 MAIN...
More informationMaaS360 Cloud Extender
MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument
More informationGUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS. Version 1.0
GUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS Versin 1.0 Published Octber 2015 Dcument Cntrl Versin: 1.0 Authr: Cyber Security Divisin - ictqatar Classificatin: Public Date f Issue: Octber 2015 2 Page
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationInformation Security Policy
Infrmatin Security Plicy Last updated: 09 March 2010 Plicy Assigned t: Chief Infrmatin Officer, ICT Table f Cntents 1. Overview... 2 2. Backgrund... 2 3. Cverage... 2 4. Definitins... 3 5. Risk Assessment
More informationABELMed Platform Setup Conventions
ABELMed Platfrm Setup Cnventins 1 Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require
More informationWelcome to Remote Access Services (RAS)
Welcme t Remte Access Services (RAS) Our gal is t prvide yu with seamless access t the TD netwrk, including the TD intranet site, yur applicatins and files, and ther imprtant wrk resurces -- whether yu
More informationOrganisational self-migration guide an overview V1-5 April 2014
Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins
More informationWest Yorkshire Fire & Rescue Service. Data Quality Policy
West Yrkshire Fire & Rescue Service Data Quality Plicy Ownership: Crprate Services Date Issued: Nvember 2007 Date Last Mdified: August 2012 Cntents Table f Cntents Page N. 1 Intrductin 3 2 Why is data
More informationHealth and Safety Training and Supervision
Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationFINRA Regulation Filing Application Batch Submissions
FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s
More informationStage 2 Meaningful Use - Core Measure 12 Patient Reminders Configuration Guide
Enterprise EHR Stage 2 Meaningful Use - Cre Measure 12 Patient Reminders Cnfiguratin Guide Last Updated: Nvember 8, 2013 Cpyright 2013 Allscripts Healthcare, LLC. www.allscripts.cm MU Cre 12 Send Patient
More informationOITS Service Level Agreement
OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationManaged Firewall Service Definition. SD007v1.1
Managed Firewall Service Definitin SD007v1.1 Managed Firewall Service Definitin Service Backgrund It is imprtant t nte that the functin f any firewall service is t filter traffic cming int the netwrk (als
More informationOnline Learning Portal best practices guide
Online Learning Prtal Best Practices Guide best practices guide This dcument prvides Micrsft Sftware Assurance Benefit Administratrs with best practices fr implementing e-learning thrugh the Micrsft Online
More informationState of Wisconsin. File Server Service Service Offering Definition
State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm
More informationMDSB. MemberDirect Small Business. User Guide
MDSB MemberDirect Small Business User Guide Table f Cntents Small Business Upgrade... 1 Member Lgin... 3 Delegate Manager... 3 Add a Delegate... 4 Edit a Delegate... 6 Reset a Delegate s Access and /r
More informationUBC Incident Response Plan V1.5
UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2
More informationInformation Systems Overview & Epic Medical Staff Training
Infrmatin Systems Overview & Epic Medical Staff Training Welcme & Overview... 2 Welcme... 2 Overview & Checklist... 2 User ID & Registratin... 3 Request Fr Access Frm... 3 Cntacting Epic Training... 3
More information17 Construction environmental management plan (CEMP)
17 Cnstructin envirnmental management plan (CEMP) Bur Happld Cntents 17 Cnstructin Envirnmental Management Plan (CEMP) 17-1 17.1 Intrductin 17-1 17.2 Intrductin t EMS 17-1 17.2.1 Plicy 17-2 17.2.2 Planning
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationCSAT Account Management
CSAT Accunt Management User Guide March 2011 Versin 2.1 U.S. Department f Hmeland Security 1 CSAT Accunt Management User Guide Table f Cntents 1. Overview... 1 1.1 CSAT User Rles... 1 1.2 When t Update
More informationPENNSYLVANIA SURPLUS LINES ASSOCIATION Electronic Filing System (EFS) Frequently Asked Questions and Answers
PENNSYLVANIA SURPLUS LINES ASSOCIATION Electrnic Filing System (EFS) Frequently Asked Questins and Answers 1 What changed in Release 2.0?...2 2 Why was my accunt disabled?...3 3 Hw d I inactivate an accunt?...4
More informationDisplayNote Technologies Limited Data Protection Policy July 2014
DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f
More informationVulnerability Management:
Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationThe ADVANTAGE of Cloud Based Computing:
The ADVANTAGE f Clud Based Cmputing: A Web Based Slutin fr: Business wners and managers that perate equipment rental, sales and/r service based rganizatins. R M I Crpratin Business Reprt RMI Crpratin has
More informationViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation
ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is
More informationCorporate Standards for data quality and the collation of data for external presentation
The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal
More informationMCSA: Windows 7 Boot Camp for Desktop Support Technicians
MCSA: Windws 7 Bt Camp fr Desktp Supprt Technicians Prepare fr the Enterprise Desktp Supprt Technician certificatin n Windws 7. Gain the clud-related skills required fr the latest Micrsft certificatins
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationUSF Remote Desktop Gateway
USF Remte Desktp Gateway Fr Hme Cmputers and Laptps Running Windws XP The Remte Desktp Gateway (RDG) allws access t yur USF campus cmputer frm remte lcatins while adding an additinal layer f security t
More informationWatchDox Server. Administrator's Guide. Version 3.8.5
WatchDx Server Administratr's Guide Versin 3.8.5 Cnfidentiality This dcument cntains cnfidential material that is prprietary WatchDx. The infrmatin and ideas herein may nt be disclsed t any unauthrized
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationROSS RepliWeb Operations Suite for SharePoint. SSL User Guide
ROSS RepliWeb Operatins Suite fr SharePint SSL User Guide Sftware Versin 2.5 March 18, 2010 RepliWeb, Inc., 6441 Lyns Rad, Ccnut Creek, FL 33073 Tel: (954) 946-2274, Fax: (954) 337-6424 E-mail: inf@repliweb.cm,
More informationHarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide
HarePint HelpDesk fr SharePint Fr SharePint Server 2010, SharePint Fundatin 2010 User Guide Prduct versin: 14.1.0 04/10/2013 2 Intrductin HarePint.Cm (This Page Intentinally Left Blank ) Table f Cntents
More informationNERC-CIP Cyber Security Standards Compliance Documentation
Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability
More informationJunos Pulse Instructions for Windows and Mac OS X
Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.
More informationHow To Ensure That The Internet Is Safe For A Health Care Worker
POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy
More information.100 POLICY STATEMENT
Treasury Management Operatins Sectin: Treasury Management Number: 105.100 Title: Treasury Management Operatins POLICY Index.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE
More informationAdobe Sign. Enabling Single Sign-On with SAML Reference Guide
Enabling Single Sign-On with SAML Reference Guide 2016 Adbe Systems Incrprated. All Rights Reserved. Prducts mentined in this dcument, such as the services f identity prviders Micrsft Active Directry Federatin,
More informationGeneral Records Authority 33. Accredited Training
General Recrds Authrity 33 2012/00579704 Accredited Training February 2013 This is an accurate reprductin f the authrised recrds authrity cntent, created fr accessibility purpses CONTENTS INTRODUCTION
More informationThe user authentication process varies from client to client depending on internal resource capabilities, and client processes and procedures.
Learn Basic Single Sign-On Authenticatin Tale s Basic SSO applicatin grants Learn access t users withut requiring that they enter authenticatin lgin credentials (username and passwrd). The access pint
More informationWadham College Information Security Policy
Wadham Cllege Infrmatin Security Plicy 1. Intrductin In July 2012 the University f Oxfrd apprved its Infrmatin Security plicy that had been created t prtect the University frm serius infrmatin security
More informationDuration of job. Context and environment: (e.g. dept description, region description, organogram)
Rle Prfile Jb Descriptin Jb Title Ref n: Prgramme Manager, Services fr Internatinal Educatin Marketing Directrate r Regin East Asia Department/Cuntry Indnesia Lcatin f pst Jakarta Pay Band G Reprts t Senir
More informationDeployment Overview (Installation):
Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int
More information