Remote Access and Network Security Statement For Apple
|
|
- Winfred Poole
- 3 years ago
- Views:
Transcription
1 Remote Access and Mobile Working Policy & Guidance
2 Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Remote Access and Mobile Working Policy Version Date 11/08/11 Effective Date 1 November 2012 Issue THREE Review Date October 2013 Change Record Modified Date Author Version Description of Changes 12/05/2010 Clare Kelly 1.1 Incorporates amendments by TB, CK and NS 04/05/2011 R McCaughan 1.2 Incorporated VPN policy 06/07/2011 S Smith 1.3 Review on behalf of Service Desk 09/08/2011 S Smith 1.4 References made to Edge and Direct Access 15/10/2012 S Smith 1.5 Removed references soley to Smartphones and replaced with mobile devices. Add statement for Apple s Common Criteria Certification Security Statement 17/10/2012 A R Last 1.6 Annual review Stakeholder Sign off Name Position Signature Date Nigel Spencer Information Services Manager July 2011 Clare Kelly IT Support Manager July 2011 Nigel Spencer Head of IS October 2012 Security Sign-off Name Position Signature Date Adrian Last Business Support Manager August 2011 Adrian Last ISMS Manager October
3 Table of Contents 1. Purpose 3 2. Scope 3 3. Policy Policy Statement Policy Objectives Policy Overview Policy Maintenance 4 4. Policy Requirements General Documentation and Data Working Remotely General Rules & Principles of VPN s (Virtual Private Networks) Telephone Direct Access Edge devices (Homeworker solution) Reporting Security Incidents Business Continuity User Awareness 6 5. Disciplinary Process 6 6. Deviations from Policy 7 7. Glossary of Terms 7 Appendix A List of related documents, procedures and processes 8 2
4 1. Purpose The purpose of this policy is to protect the confidentiality, integrity and availability of The Crown Estate s information by controlling remote access to its IT systems and to define standards for connecting to The Crown Estate s network from any host. 2. Scope The scope of this policy applies to: The Crown Estate s personnel, temporary staff, contractors and service providers utilising The Crown Estate s information system resources from a remote location; and Information system resources, including data networks, LAN servers and personal computers (stand-alone or network-enabled) located on The Crown Estate and non-crown Estate locations, where these systems are under the jurisdiction and/or ownership of The Crown Estate, and any personal computers and/ or servers authorised to access The Crown Estate s data networks. Third parties shall also adhere to this policy. Remote access connections used to do work on behalf of The Crown Estate, including reading, sending and viewing intranet web resources from all types of equipment. 3. Policy 3.1. Policy Statement The Crown Estate s information system resources are assets important to The Crown Estate s business and stakeholders and its dependency on these assets demands that appropriate levels of information security be instituted and maintained. It is The Crown Estate s policy that appropriate remote access control measures are implemented to protect its information system resources against accidental or malicious destruction, damage, modification or disclosure, and to maintain appropriate levels of confidentiality, integrity and availability of such information system resources Policy Objectives The objectives of this policy with regard to the protection of information system resources against unauthorised access from remote locations are to: Minimise the threat of accidental, unauthorised or inappropriate access to either electronic or paper-based information owned by The Crown Estate or temporarily entrusted to it; Minimise The Crown Estate s network exposure, which may result in a compromise of network integrity, availability and confidentiality of information system resources; and Minimise reputation exposure, which may result in loss, disclosure or corruption of sensitive information and breach of confidentiality Policy Overview The Crown Estate information system resources are important business assets that are vulnerable to access by unauthorised individuals or unauthorised remote electronic processes. Sufficient precautions are required to prevent and detect unwanted access from unauthorised users in remote locations. Users should be made aware of the dangers of unauthorised remote access, and managers should, where appropriate, introduce special controls to detect or prevent such access. 3
5 3.4. Policy Maintenance Supporting standards, guidelines and procedures will be issued on an ongoing basis by The Crown Estate. Users will be informed of any subsequent changes or updated versions of such standards, guidelines and procedures by way of or other relevant communication media. Users shall then have the obligation to obtain the current information systems policies from The Crown Estate intranet (i-site) or other relevant communication media on an ongoing basis and accept the terms and conditions contained therein. 4. Policy Requirements The Crown Estate s information system resources shall be appropriately protected to prevent unauthorised remote access General It is the responsibility of The Crown Estate s employees, contractors, vendors and agents with remote access privileges to The Crown Estate s corporate network to ensure that their remote access connection is given the same consideration as their on-site connection to The Crown Estate. IT equipment provided to the employee to support working from home is for the exclusive use of that employee alone The only permitted remote access method for non Crown Estate computers is via terminal services or The Crown Estate Extranet or the Guest Wireless Network if at one of The Crown Estate Office s offering that facility. Mobile devices e.g Blackberrys, smartphones, iphones and ipads are managed and supported by The Crown Estate IT Service Desk. Users are permitted to connect their personal mobile devices to The Crown Estate system. However, the IT Service Desk will only provide support for this method of connection on a goodwill basis. Furthermore, it is the responsibility of the user to ensure that their personal mobile device is protected by a password. If that device is lost or stolen then it is the responsibility of the user to advise their mobile provider and arrange for the device to be removed from the service. If the IT Service Desk believes that access to The Crown Estate systems is occurring without adequate security provisions, this facility will be withdrawn immediately and a request for the mobile device to be wiped will be issued. The use of external accounts (i.e. Hotmail, Yahoo, AOL), or other external resources to conduct The Crown Estate business is forbidden. The ISMS Committee will be the final arbiter for methods of connection to The Crown Estate corporate IT network Documentation and Data All sensitive and business critical documentation belonging to The Crown Estate and being used at a remote location must be securely stored and not displayed in a manner which allows its content to be viewed by unauthorised persons. Data and documents belonging to The Crown Estate must not be stored on personal equipment unless permission from the Line Manager has been obtained. Any data stored on personal equipment must be encrypted, using advice obtained from the IT Service Desk. iphones and ipads are managed and supported using Apple s Common Criteria Certification 4
6 Security Statement Working Remotely Employees wishing to work away from the office occasionally must secure the agreement of their Line Manager prior to the actual date of working remotely. When approving requests, Line Managers are responsible for ensuring that there is a clear business requirement for the employee to undertake work remotely rather than attending the office. Retrospective requests will not normally be agreed and any absence may be considered as unauthorised, which may lead to disciplinary action being taken. Employees wishing to work from their own equipment should ensure that their hardware and software configuration complies with The Crown Estate s minimum requirements. This check should be done before the date on which they have booked to work remotely May to 2007 ensure that any necessary patches or updates can be implemented. See Remote Access Via Terminal Services User Guide on I-Site. It is the responsibility of the user to ensure their own equipment is patched accordingly. The IT Service Desk will advise the user only on suggested actions but they will not action any changes to non-crown Estate equipment. Subject to line management approval and hardware availability a laptop or other equipment may be provided if the employee intends to work remotely on a more frequent basis. The Crown Estate will retain ownership of the equipment and also insure and maintain the equipment. The employee must take good care of the equipment and ensure that it be used in accordance with The Crown Estate s full range of policies. Alternatively, the employee has access to pool laptops which, subject to availability, can be used when required. When working in a public area, for instance on a train, the employee must take all reasonable steps to ensure that The Crown Estate s information remains confidential and secure. The employee must ensure that any documents/laptop screens are, as much as possible, not readily visible to members of the public General Rules & Principles of Virtual Private Networks (VPNs) It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to The Crown Estate internal networks. VPN use is to be controlled using either a one-time password authentication such as a token device or a public/private key system with a strong passphrase. When actively connected to the corporate network, VPNs will force all traffic to and from the PC over the VPN tunnel: all other traffic will be dropped. Dual (split) tunnelling is NOT permitted; only one network connection is allowed. VPN gateways will be set up and managed by The Crown Estate network operational groups. All computers connected to The Crown Estate internal networks via VPN or any other technology must use the most up-to-date anti-virus software that is the corporate standard (provide URL to this software); this includes personal computers. VPN users will be automatically disconnected from The Crown Estate s network after thirty minutes of inactivity. The user must then logon again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open. Users of computers that are not The Crown Estate-owned equipment must configure the 5
7 equipment to comply with The Crown Estate s Network related policies. Only Crown Estate approved VPN clients may be used. By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of The Crown Estate s network, and as such are subject to the same rules and regulations that apply to The Crown Estate-owned equipment, i.e., their machines must be configured to comply with The Crown Estate s information security policies Telephone The Crown Estate will provide external access to voic (via Outlook Web Access via the extranet) which the employee will be required to check on a regular basis when working away from the office. Any application for a mobile phone will need to be agreed by the employee s Line Manager and reviewed by the IT Service Desk on a case-by-case basis Direct Access The Crown Estate will provide external access to members of the business who use a laptop via the Microsoft Direct Access method. See 4.4 General Rules & Principles of Virtual Private Networks (VPNs) for expectations and responsibilities Edge devices (Homeworker solution) Where The Crown Estate provides exceptionally a full Homeworker solution it is expected that that all equipment provided will be used solely for work on behalf of The Crown Estate. See 4.4 General Rules & Principles of VPN s (Virutal Private Networks) Management and HR approval is required for the above solution Reporting Security Incidents All security incidents, including actual or potential unauthorised access to The Crown Estate s information systems via remote access, should be reported immediately to the ISMS Manager or Head of IS Business Continuity Business continuity plans may include provision for working from home or other remote locations in the event of The Crown Estate s corporate headquarters or other premises being unavailable for a significant period of time User Awareness Users commencing remote working will be made aware by their Line Manager of this policy and all its provisions. 5. Disciplinary Process The Crown Estate reserves the right to audit compliance with this policy from time to time. Any disciplinary action, arising from breach of this policy, shall be taken in accordance with The Crown Estate s Rules and Disciplinary Code as amended from time to time. Disciplinary action may ultimately lead to dismissal. 6
8 7
9 6. Deviations from Policy Unless specifically approved, any deviation from this policy is strictly prohibited. Any deviation from or non-compliance with this policy will be reported to the ISMS Manager & Head of IS. 7. Glossary of Terms The terms used in this policy document are to be found in ISMS Glossary of Terms. In particular, Remote Access and Mobile Working is defined as the means of using The Crown Estate s electronic information resources from a remote location in a way which ensures that they are available only to persons authorised to view or process that information in accordance with predetermined rules. 8
COMMERCIALISM INTEGRITY STEWARDSHIP. Security Breach and Weakness Policy & Guidance
Security Breach and Weakness Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Security Breach & Weakness
More informationCOMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance
Back-up Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Back Up Policy Version Date 10/10/12 Effective
More informationThe purpose of this policy is to provide guidelines for Remote Access IPSec or Virtual Private
1. Policy Overview The purpose of this policy is to provide guidelines for Remote Access IPSec or Virtual Private Network (VPN) connections to the University of Dammam network. 1.1. Purpose University
More informationRecords Management Policy & Guidance
Records Management Policy & Guidance COMMERCIALISM Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management
More informationADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access
Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information
More informationCOMMERCIALISM INTEGRITY STEWARDSHIP. Policy and Procedure for Remote Working
Policy and Procedure for Remote Working Remote Working Contents 1. Aim and purpose 1 2. General Principles 2 3. Legislation 2 4. Requesting to work remotely 2 5. Approving requests for working remotely
More informationBlue Ridge Community College Information Technology Remote Access Policy
Blue Ridge Community College Information Technology Remote Access Policy Last Revised June 13, 2008 1. Purpose Blue Ridge Community College Information Technology Remote Access Policy This policy provides
More informationCOLORADO DEPARTMENT OF LABOR AND EMPLOYMENT STANDARD POLICY AND PROCEDURE. Remote Access and Security I. PURPOSE.2 II. BACKGROUND.
COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT STANDARD POLICY AND PROCEDURE S T A N D A R D P O L I C Y A N D P R O C E D U R E COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT 1515 Arapahoe Street Denver Colorado
More informationMobile Devices Policy
Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationMobile Security Standard
Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard
More informationHow To Protect Research Data From Being Compromised
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationIxion Group Policy & Procedure. Remote Working
Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationSAO Remote Access POLICY
SAO Remote Access POLICY Contents PURPOSE... 4 SCOPE... 4 POLICY... 4 AUTHORIZATION... 4 PERMITTED FORMS OF REMOTE ACCESS... 5 REMOTE ACCESS USER DEVICES... 5 OPTION ONE: SAO-OWNED PC... 5 OPTION TWO:
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationARTICLE 10. INFORMATION TECHNOLOGY
ARTICLE 10. INFORMATION TECHNOLOGY I. Virtual Private Network (VPN) The purpose of this policy is to provide guidelines for Virtual Private Network (VPN) connections to Education Division s resources.
More informationDublin Institute of Technology IT Security Policy
Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationesnc ACCESS AGREEMENT
FEDERAL RESERVE BOARD Shared National Credit Function esnc ACCESS AGREEMENT A. Introduction This agreement (Agreement) sets forth the terms for your Institution s use of our Electronic Shared National
More informationVPN Network Access. Principles and Restrictions
BBG VPN WINDOWS CLIENT INSTALLATION PROCEDURES Page 1 of 11 Principles and Restrictions VPN Network Access High Speed access via broadband Internet connections is available for the Agency network resources
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationDHHS Information Technology (IT) Access Control Standard
DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationInformation Services. The University of Kent Information Technology Security Policy
Information Services The University of Kent Information Technology Security Policy 1. General The University IT Security Policy (the Policy) shall be approved by the Information Services Committee (ISC)
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationMusina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-
Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More information[BRING YOUR OWN DEVICE POLICY]
2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationRemote Access Policy
BASINGSTOKE AND NORTH HAMPSHIRE NHS FOUNDATION TRUST Remote Access Policy Summary This is a new document which sets out the policy for remote access to the Trust s network and systems. Remote access is
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationGuidance on Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors
Guidance on Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors Policy Nr 109 Published 30-Jun-15 Page 1 of 5 Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors School Guidelines
More informationWritten Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.
Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationRemote Access and Mobile Working Policy. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.1. Approval. Review By June 2012
Remote Access and Mobile Working Policy Document Status Security Classification Version 1.1 Level 4 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationAppendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management
Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationAccounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationHengtian Information Security White Paper
Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...
More informationCITY OF BOULDER *** POLICIES AND PROCEDURES
CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationDepartment of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government
Department of Information Technology Remote Access Audit Final Report January 2010 promoting efficient & effective local government Background Remote access is a service provided by the county to the Fairfax
More informationVirtual Private Networks (VPN) Connectivity and Management Policy
Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationAcceptable Use Guidelines
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More informationWashwood Heath Academy Use by staff of private communication devices policy
As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of
More informationTHE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY
THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY Version Author Date Approved by Board 2009-1 Gillian Kirkup 24 March 2010 Page 1 of 8 THE RICE MARKETING BOARD FOR
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationIT TECHNOLOGY ACCESS POLICY
IT TECHNOLOGY ACCESS POLICY Effective Date May 19, 2016 Cross- Reference 1. IT Access Control and User Access Management Policy Responsibility Director, Information 2. IT Acceptable Use Policy Technology
More informationSt Hugh s School. Remote Access Policy
St Hugh s School Remote Access Policy Remote Access Policy v1.0 17/11/15 Item Title Page number 1.0 Introduction 2 1.6 Definitions 2 2.0 Scope and limitations 3 3.0 Available remote services 3-4 4.0 Method
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More informationMONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
More informationUniversity of Kent Information Services Information Technology Security Policy
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
More informationUse of tablet devices in NHS environments: Good Practice Guideline
Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More informationOhio Supercomputer Center
Ohio Supercomputer Center Portable Security Computing No: Effective: OSC-09 05/27/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original Publication
More informationAppendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY
Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk
More informationAccess Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL
AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical
More informationAPPROVED BY: DATE: NUMBER: PAGE: 1 of 9
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationInternet Use Policy and Code of Conduct
Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT
More information