NETWORK INFRASTRUCTURE USE
|
|
- Jeffery Dalton
- 8 years ago
- Views:
Transcription
1 NETWORK INFRASTRUCTURE USE Information Technology Responsible Office: Information Security Office (213) Purpose The (USC) provides its faculty, staff and students with a network infrastructure to facilitate the missions of the university, including instruction, research, service and administration. The purpose of this policy is to confirm the ownership of the USC Network Infrastructure, defined below, and establish the responsibilities of faculty, staff, students and other employees in protecting and securing the network infrastructure. 2.0 Scope This policy applies to all university faculty members (including part time and visiting faculty), staff and other employees (such as postdoctoral scholars) and students (including postdoctoral fellows and graduate students) as well as any other users of the network infrastructure, including independent contractors or others (e.g., temporary agency employees) who may be given access on a temporary basis to university systems. 3.0 Policy 3.1 Ownership of Network Infrastructure The USC Network Infrastructure is owned by and is the property of USC. The Information Technology Services (ITS) department is primarily responsible for overseeing the operations of the network infrastructure. There is no expectation of a right to privacy when using the network infrastructure, which includes, but is not limited to, the following: USC network connections (wired and wireless) and other network equipment including jacks, wiring, switches, panels, hubs and routers; USC network-based communication services, such as and instant messaging; computers and electronic devices (such as desktops, laptops, servers, PDAs and other handheld or mobile equipment, wireless technologies, copiers, Page 1 of 9
2 faxes, pagers, IP phones) that are purchased or leased using university funds; and USC purchased, licensed or developed software. 3.2 User Responsibilities User is defined as anyone who has access to or is otherwise connected to the network infrastructure (see section 2.0, above, and the information security policy at for additional information about users). Users are expected to comply with information security policies to ensure the security of the network infrastructure, which includes ensuring that the devices they use that are connected to the network infrastructure are in compliance with this policy. A complete list of information security policies is available at Users are responsible for utilizing appropriate measures (including passwords, virus protection and current patch management software, and other measures as described below and in the appendices to this document) to protect the security of those components of the network infrastructure that they access and/or use. 3.3 System Administrator Responsibilities System administrator is defined as any faculty, staff, or other employee who has been designated by the USC Information Steward or Owner, as defined in information security policy, as the individual responsible for maintaining the security of the network infrastructure for that particular school, unit, division or department 1. In many cases, the system administrator may be that department or unit s Information Security Liaison, as described in information security policy at The system administrator is responsible for overseeing the security of the network infrastructure for his or her school, unit, division or department, which includes monitoring and oversight of user compliance with this policy. 1 Administrative Information Systems (AIS) and ITS are considered departments or units covered under this policy. Page 2 of 9
3 3.4 Private Networks (a.k.a. Local Area Networks, Sub-Nets, Non-Standard and Specialized Networks) Private networks are defined as any network segment or subnet behind a router, firewall, or Network Address Translation (NAT) device, behind which ITS does not have administrative control of the switches or routers to which the endsystems (PCs, servers, etc.) connect. a) All private networks must have a system administrator assigned to oversee and maintain security, who will liaison with ITS and the Information Security Office (ISO). b) System administrators must promptly register any departmental servers 2 on a private network (as defined in this section) with the Director of ITS Systems Security in accordance with ITS s registration procedures. c) System administrators should document the network infrastructure which includes, but is not limited to, hardware inventory, network diagram, physical location, IP addresses, description and related information about the system. This documentation shall be made available to the ISO and ITS upon request. d) All private networks must comply with all information security policies. 3.5 Access and Authorization Procedures System administrators must establish written procedures to grant, modify, and terminate access to the information systems within the administrator s department, school, or unit. Refer to Appendix A for further information about access and authorization procedures. 3.6 Virus Protection and Patch Management Desktops, laptops, and servers must have up-to-date virus protection and patch management. This is a shared responsibility between the user and system administrator. Refer to Appendix B for further information about computer security maintenance procedures, including how to obtain and maintain current virus protection and patch updates. 2 Departmental server is defined as any server administered or managed within a particular department or unit, including those maintained by ITS and AIS. Page 3 of 9
4 3.7 Audit Logs System administrators are responsible for implementing and monitoring audit logs on desktops containing information requiring enhanced protections (as defined by the information security policy, available at and departmental servers. 3.8 Physical Security System administrators are responsible for establishing procedures to secure the physical environment of departmental servers, including, at minimum: (a) locked or otherwise restricted access to server rooms, and (b) current inventory of all individuals with access to server rooms. 3.9 Unauthorized Access to Network Infrastructure Unauthorized access to, or tampering and interference with, the network infrastructure is prohibited. The responsibility to implement access control mechanisms to prevent unauthorized access or use of the network infrastructure is shared between ITS and the system administrators for private networks. 4.0 System Monitoring and Auditing ITS and the ISO are authorized to monitor the network infrastructure and take proactive measures, including scanning, to maintain operation and security. The ISO is authorized to conduct monitoring and auditing of ITS, users, and system administrators to ensure compliance with this and other information security policies, in coordination with Audit Services, as appropriate. The university reserves the right to access any computer or electronic device connecting to the USC Network Infrastructure in order to verify compliance with this and other applicable information security policies. 5.0 Enforcement Compliance with information security policies shall be monitored regularly in conjunction with the university s monitoring of its information security program. Audit Services will conduct periodic internal audits to ensure compliance with federal and state laws and regulations as well as university policy. Individuals who do not comply with these policies shall be subject to remedial action in accordance with the Faculty Handbook, the Staff Employment Policies and Procedures and SCampus, as appropriate. Page 4 of 9
5 Any disciplinary action under this policy shall take into account the severity of the offense and the individual s intent. Disciplinary action can include revocation of privileges to use or access any or all components of the network infrastructure, up to and including termination or dismissal from USC. Page 5 of 9
6 Related Policy and/or Additional References Appendix A Access Authorization Procedures 1.0 Purpose This appendix A describes the procedures for establishing, modifying, and terminating access to USC information systems. 2.0 Establishing and Modifying Access a) System administrators shall have documented procedures for establishing and modifying user access to information systems and applications within the department/school/unit. b) The procedure will document the process for obtaining supervisor approval to establish or modify access. c) System administrators will perform an annual review of their access procedures and will update and revise accordingly. d) System administrators shall determine to which systems and applications these procedures apply, and will document the justification for their determinations. 3.0 Terminating Access a) System administrators shall have documented procedures for terminating user access to information systems and applications within the department/school/unit. b) System administrators must promptly delete user access upon notification by Human Resources that access should be terminated. 4.0 Password Guidelines 4.1 User Responsibilities 1) Users shall not give their passwords to other individuals to use on their behalf. 2) Users shall not post or otherwise display their passwords where they can be seen by others. 3) Where applicable, users shall create strong passwords. For example: a) Passwords should consist of a minimum of 6 alphanumeric characters. b) Passwords should contain a combination of alpha-characters, numbers and/or special characters. Page 6 of 9
7 c) Passwords should be selected with the intention of not allowing other people to guess them easily. d) Passwords must never be the same as or resemble the Logon-ID. Passwords such as password, administrator, user, guest, , etc. should not be used. Repeating passwords such as or Z1Z1Z1 should not be used. 4.2 System Administrator Responsibilities 1) Where possible, system administrators should enforce user responsibilities as outlined above. 2) Where possible, passwords should use an expiration policy requiring passwords to expire. 3) Where possible, systems should be configured to disallow re-use of passwords for 3 generations. 4) Where possible, systems should be configured to lock-out the account after 5 incorrect password attempts. 5) Where possible, the use of single sign-on (shibboleth) logins and passwords for applications through the Global Directory Services (GDS) should be encouraged. 6) Passwords should be stored in an encrypted format only, not in plain text format. 7) Where possible, system administrators should implement password protected screensaver controls after a specified idle time, to be determined by the system administrator and unit. 8) System administrators have the discretion to implement stricter guidelines; the above are minimum standards. 4.3 Exceptions a) Those systems that operate in an environment that does not allow for the use of passwords (i.e. sub-systems and systems without a user interface), must be appropriately secured by other security means by system administrator. b) Systems that do not currently allow for these requirements to be implemented must be able to comply when that system is replaced or substantially upgraded. Page 7 of 9
8 Appendix B Virus Protection and Patch Management Procedures 1.0 Purpose This Appendix B describes USC s requirements for anti-virus protection and patch management. 2.0 Anti-Virus Protection 2.1 System Administrator Responsibilities a) System administrators must ensure that all departmental servers and workstations have current and updated anti-virus software installed. b) With the exception of troubleshooting or special installation activities, system administrators shall ensure that anti-virus software is not modified or disabled on servers or workstations. c) Any virus with potential harmful impact on the network infrastructure should be reported to ITS. 2.2 User Responsibilities a) Users must contact their system administrator for assistance if they become aware that they do not have current up to date anti-virus software installed on their workstation or laptop. b) Once the anti-virus software is installed, users shall not modify the software or its configuration in any manner, unless directed by their system administrator or ITS. c) Users should report virus incidents to system administrator or ITS. 3.0 Patch Management 3.1 System Administrator Responsibilities System administrators must ensure that all departmental servers and workstations have automated patch management software or are updated by regularly scheduled update procedures. Page 8 of 9
9 3.2 User Responsibilities Once the automated patch management is configured on the computer, users shall not modify the software or its configuration in any manner, unless directed by their system administrator or ITS. 4.0 ITS Responsibilities a) ITS is responsible for providing an enterprise anti-virus solution for university computers. b) ITS is responsible for providing guidelines on installing and maintaining the anti-virus software and updates on university computers. 5.0 System Monitoring and Auditing ITS and the ISO are authorized to monitor the network infrastructure and take proactive measures, including scanning, to maintain the operation and security of the network infrastructure (refer to section 3.6 of this policy). 6.0 Exceptions Those systems that operate in an isolated environment (i.e. sub-systems, systems without a user interface, systems with no external or internet connectivity), may be exempted from virus protection and patch management procedures (this appendix) if appropriate, but they must be identified and secured with other security means. Page 9 of 9
Franciscan University of Steubenville Information Security Policy
Franciscan University of Steubenville Information Security Policy Scope This policy is intended for use by all personnel, contractors, and third parties assisting in the direct implementation, support,
More informationOSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES
Network Security 6-005 INFORMATION TECHNOLOGIES July 2013 INTRODUCTION 1.01 OSU Institute of Technology (OSUIT) s network exists to facilitate the education, research, administration, communication, and
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationDHHS Information Technology (IT) Access Control Standard
DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationNetwork Security Policy
Network Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationControls for the Credit Card Environment Edit Date: May 17, 2007
Controls for the Credit Card Environment Edit Date: May 17, 2007 Status: Approved in concept by Executive Staff 5/15/07 This document contains policies, standards, and procedures for securing all credit
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationCITRUS COMMUNITY COLLEGE DISTRICT GENERAL INSTITUTION COMPUTER AND NETWORK ACCOUNT AND PASSWORD MANAGEMENT
CITRUS COMMUNITY COLLEGE DISTRICT GENERAL INSTITUTION AP 3721 COMPUTER AND NETWORK ACCOUNT AND PASSWORD MANAGEMENT 1.0 Purpose The purpose of this procedure is to establish a standard for the administration
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationRevision Date: October 16, 2014 Effective Date: March 1, 2015. Approved by: BOR Approved on date: October 16, 2014
Information Security Information Technology Policy Identifier: IT-003 Revision Date: October 16, 2014 Effective Date: March 1, 2015 Approved by: BOR Approved on date: October 16, 2014 Table of Contents
More informationAntivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)
Below you will find the following sample policies: Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) *Log in to erisk Hub for
More informationPOL 08.00.02 Information Systems Access Policy. History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014
POL 08.00.02 Information Systems Access Policy Authority: History: First issued: November 5, 2001. Revised: April 5, 2010. Last revised: June 18, 2014 Related Policies: NC General Statute 14-454 - Accessing
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationInformation Security Policy Manual
Information Security Policy Manual Latest Revision: May 16, 2012 1 Table of Contents Information Security Policy Manual... 3 Contact... 4 Enforcement... 4 Policies And Related Procedures... 5 1. ACCEPTABLE
More informationAASTMT Acceptable Use Policy
AASTMT Acceptable Use Policy Classification Information Security Version 1.0 Status Not Active Prepared Department Computer Networks and Data Center Approved Authority AASTMT Presidency Release Date 19/4/2015
More informationStudent Affairs Information Technology Policies. January 2013
Student Affairs Information Technology Policies January 2013 Contents Applications Consultants and Non-SAIT Technical Staff Computers and Equipment Data: Local, Network, and Backups E-Mail Relationships
More informationData Stored on a Windows Server Connected to a Network
Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to
More informationDEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE
2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology
More informationINFORMATION SECURITY OVERVIEW
INFORMATION SECURITY OVERVIEW December 2003 TABLE OF CONTENTS 1 INTRODUCTION... 1 1.1 SECURITY POLICY HIGHLIGHTS... 1 1.1.1 INFORMATION SECURITY POLICY RECAP... 1 1.1.2 NETWORK POLICY RECAP... 2 1.2 COMPUTER
More informationNetwork Service Policy
Network Service Policy TABLE OF CONTENTS PURPOSE... 3 SCOPE... 3 AUDIENCE... 3 COMPLIANCE & ENFORCEMENT... 3 POLICY STATEMENTS... 4 1. General... 4 2. Administrative Standards... 4 3. Network Use... 5
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationC. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
More informationHIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationCITY OF BOULDER *** POLICIES AND PROCEDURES
CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationREMOTE ACCESS POLICY OCIO-6005-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER REMOTE ACCESS POLICY OCIO-6005-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section I. PURPOSE II. AUTHORITY III.
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationAPHIS INTERNET USE AND SECURITY POLICY
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationPolicy on Connection to the University Network
Policy on Connection to the University Network Revision History Version Date Changes 0.1 01/12/04 David Conway 0.2 02/12/04 David Conway 0.3 19/01/05 David Conway 0.4 21/01/05 David Conway 1.0 07/03/05
More informationSAO Remote Access POLICY
SAO Remote Access POLICY Contents PURPOSE... 4 SCOPE... 4 POLICY... 4 AUTHORIZATION... 4 PERMITTED FORMS OF REMOTE ACCESS... 5 REMOTE ACCESS USER DEVICES... 5 OPTION ONE: SAO-OWNED PC... 5 OPTION TWO:
More informationICT USER ACCOUNT MANAGEMENT POLICY
ICT USER ACCOUNT MANAGEMENT POLICY Version Control Version Date Author(s) Details 1.1 23/03/2015 Yaw New Policy ICT User Account Management Policy 2 Contents 1. Preamble... 4 2. Terms and definitions...
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationThe University of Information Technology Management System
IT Monitoring Code of Practice 1.4 University of Ulster Code of Practice Cover Sheet Document Title IT Monitoring Code of Practice 1.4 Custodian Approving Committee Deputy Director of Finance and Information
More informationDOT.Comm Oversight Committee Policy
DOT.Comm Oversight Committee Policy Enterprise Computing Software Policy Service Owner: DOTComm Operations Effective Date: TBD Review Schedule: Annual Last Review Date: Last Revision Date: Approved by:
More informationMusina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-
Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page
More informationPassword Expiration Passwords require a maximum expiration age of 60 days. Previously used passwords may not be reused.
DRAFT 6.1 Information Systems Passwords OVERVIEW Passwords are an important aspect of information security. They are the front line of protection for user accounts. A poorly chosen password may result
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationSystem Security Policy Management: Advanced Audit Tasks
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
More informationIII. RESPONSIBILITIES
Issued by: Calvin O. Butts, III, President Effective Date: September 23, 2013 Page 1 of 5 I. POLICY & SCOPE This is the SUNY College at Old Westbury policy on College-provided access to electronic information
More informationProcedure Title: TennDent HIPAA Security Awareness and Training
Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary
More informationMicrosoft Windows Client Security Policy. Version 2.1 POL 033
Microsoft Windows Client Security Policy Version 2.1 POL 033 Ownership Policy Owner: Information Security Manager Revision History Next Review Date: 2 nd April 2015 Approvals This document requires the
More informationStudent Halls Network. Connection Guide
Student Halls Network Connection Guide Contents: Page 3 Page 4 Page 6 Page 10 Page 17 Page 18 Page 19 Page 20 Introduction Network Connection Policy Connecting to the Student Halls Network Connecting to
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationA Systems Approach to HVAC Contractor Security
LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationGeneral Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information
General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationPII Compliance Guidelines
Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last
More informationDepartment of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007
Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007 I. Statement of Policy The Department of Finance and Administration (DFA) makes
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationData Stored on a Windows Computer Connected to a Network
Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Computer Connected to
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationMCOLES Information and Tracking Network. Security Policy. Version 2.0
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
More informationRAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009
Systems Development Proposal Scott Klarman March 15, 2009 Systems Development Proposal Page 2 Planning Objective: RAS Associates will be working to acquire a second location in Detroit to add to their
More informationOdessa College Use of Computer Resources Policy Policy Date: November 2010
Odessa College Use of Computer Resources Policy Policy Date: November 2010 1.0 Overview Odessa College acquires, develops, and utilizes computer resources as an important part of its physical and educational
More informationPolicy Title: HIPAA Access Control
Policy Title: HIPAA Access Control Number: TD-QMP-7018 Subject: Ensuring that access to EPHI is only available to those persons or programs that have been appropriately granted such access. Primary Department:
More informationSOFTWARE LICENSING POLICY
SOFTWARE LICENSING POLICY Version 12/12/2012 University of Birmingham 2012 David Deighton, IT Services CONTENTS 1. Policy on Software Licensing... 3 1.1 Software Licensing Compliance... 3 1.2 Software
More informationCalifornia State Polytechnic University, Pomona. Desktop Security Standard and Guidelines
California State Polytechnic University, Pomona Desktop Security Standard and Guidelines Version 1.7 February 1, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM DESKTOP SECURITY STANDARD...3 ROLES
More informationICT OPERATING SYSTEM SECURITY CONTROLS POLICY
ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationData Network Security Policy
Authors: Mike Smith Rod Makosch Network Manager Data Security Officer IM&T IM&T Version No : 1 Approval Date: March 2005 Approved by : John Aird Director of IM&T Review Date : 1 April 2006 Trust Ref: C7/2005
More informationUniversity of San Francisco
University of San Francisco Acceptable Use Policy (AUP) & Agreement for POS Devices and PCI Network 1. Purpose University of San Francisco (USF) provides access to the PCI network for processing CASHNet
More informationBusiness Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
More informationDublin City University
Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationNETWORK SECURITY GUIDELINES
NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More informationNew River Community College. Information Technology Policy and Procedure Manual
New River Community College Information Technology Policy and Procedure Manual 1 Table of Contents Asset Management Policy... 3 Authentication Policy... 4 Breach Notification Policy... 6 Change Management
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationDUUS Information Technology (IT) Acceptable Use Policy
DUUS Information Technology (IT) Acceptable Use Policy Issue Date: October 1, 2013 Effective Date: October 1, 2013 Revised Date: Number: DHHS-2013-002 1.0 Purpose and Objectives The purpose of this policy
More informationNETWORK AND INTERNET SECURITY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationCITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number 95.51 PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.
95.5 of 9. PURPOSE.. To establish a policy that outlines the requirements for compliance to the Payment Card Industry Data Security Standards (PCI-DSS). Compliance with this standard is a condition of
More informationAutomation Suite for. 201 CMR 17.00 Compliance
WHITEPAPER Automation Suite for Assurance with LogRhythm The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was enacted on March 1, 2010. The regulation was developed to safeguard personal
More informationGuidelines for Distributed Computing Administration and Security
Guidelines for Distributed Computing Administration and Security As the University enters into the era of networked microcomputers and a distributed computing environment, many of the critical tasks originally
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More information