Computer and Network Security Policy




Coffeyville Community College
Computer and Network Security Policy

Created By: Jeremy Robertson, Network Administrator
Created on: 6/15/2012

Computer and Network Security Page 1

Introduction:

The Coffeyville Community College Network Security Policy provides the operational detail required for the successful implementation of a safe and efficient computer network environment for the College. These security policies were developed based on an understanding of the educational and administrative needs of the College and an evaluation of the existing technical configuration and requirements. These policies are meant to complement existing computer and network policies relating to computer data network security.

Policies:

Computer Registration:

All computers not provided by the College that access the network must be registered. Personal computers used by Faculty, Staff, and Students will be registered with the following information:

- Media Access Control (MAC) address of all network interface adapters in the computer.
- Full name of the primary user of the computer. In the case of multiple users, the name of the owner of the machine, who will be held directly responsible for the use of the machine.

Domain Computer Authentication:

The College will maintain a centralized computer authentication system for computers of the College. All College-owned networked computers which are capable of utilizing this authentication system will be configured to verify login credentials with the system.

Departments will notify Technical and Network Services of changes to the employment status of an employee so that user accounts can be changed or revoked as necessary. Technical and Network Services will maintain documented procedures for departments to notify them of personnel changes.

All College-owned computers must be registered on the domain to ensure that they are kept up to date, that backups of users' data are maintained, and that policies are enforced.

Preset Configuration:

All College-owned networked computers will have a standard preset configuration. This configuration will vary depending on the department and/or the purpose of the machine's intended use. This preset configuration will include the following:

All Machines:
1) The Operating System
   a) Windows 7
   b) Most current Service Pack
   c) All current updates, including security updates
   d) Will be registered to the proper domain
   e) Local Administrator account enabled with IT's local admin credentials
   f) Computer shall be named by building abbreviation and room number, unless the computer is designated to a lab, in which case it will be named by the lab room number and the computer number in the lab.
2) Latest Microsoft Office and all security packs
3) Flash, Java, Adobe Reader

Student Accessed Machines:
1.) Compass where needed.
2.) Adobe CS (Lab 102)
Lab administrator may add software needed by instructors to these machines at their discretion.

Faculty Accessed Machines:
1.) Jenzabar
2.) DVD Software
3.) Smart Software

Administrative Access to All College Owned Computers:

Faculty and staff will be made local administrators of their primary machines. IT will have exclusive administrative access to the domain-level administrator accounts and local administrator accounts.

Account Login Sharing is strictly prohibited. Accounts that give users access to information resources are to be used only by the persons to whom the accounts are assigned. Log-on IDs, passwords, and other means of access must not be shared with anyone. Holders of the means of access are responsible for unauthorized access to their accounts that results from their negligence in maintaining the confidentiality of their means of access.

Privately Owned Computers:

Computers not owned by the College that connect to the data network must be configured to ensure reasonable network security and integrity. The configuration must include, but is not limited to, the following:
1.) The computer's Operating System must be updated and patched to eliminate security vulnerabilities that exist for that computer's configuration.
2.) An actively running, up-to-date anti-virus.

Privately-owned computers which do not adhere to the minimum standards will not be allowed to connect to the computer data network reserved for faculty, staff, students, and computer labs.

Privately-owned computers which are found to be performing activities which cause network degradation, violate College policies, or violate local, state, or federal laws will not be allowed to connect to the computer data network reserved for faculty, staff, students, and computer labs.

Network Security:

The security of the network is the responsibility of the Network Administrator, who will ensure the following:
1.) Routers are configured properly
2.) Where possible, firewalls will block malware and viruses
3.) Security policies are enforced
4.) Servers can be accessed without risk to network security.

Proper router configuration will include blocking all incoming and outbound traffic destined for unsafe ports. Any attempt to access the router with the wrong credentials more than five times in a minute will be considered a brute force attack, and the user's address will be blacklisted.
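An added example, not part of the College's policy: one way to apply the router lockout rule above (more than five failed logins from one address within a minute) to authentication logs using a sliding window. The log format, field names and addresses are constructed for illustration, and treating failures exactly 60 seconds apart as outside the window is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)  # "in a minute"
MAX_FAILURES = 5               # "more than five": the sixth failure trips the rule

# Constructed sample log in a hypothetical "timestamp result src=ip user=name" format.
SAMPLE_LOG = (
    # Six failures in 50 seconds: exceeds the threshold.
    [f"2012-06-15T09:00:{s:02d} FAIL src=192.0.2.10 user=admin" for s in range(0, 60, 10)]
    # Exactly five failures in a minute: at the threshold, not over it.
    + [f"2012-06-15T09:01:{s:02d} FAIL src=198.51.100.7 user=admin" for s in range(0, 25, 5)]
    # Eight failures spaced 15 seconds apart: never more than four in any minute.
    + [f"2012-06-15T09:0{2 + s // 60}:{s % 60:02d} FAIL src=203.0.113.5 user=admin"
       for s in range(0, 120, 15)]
)

def parse(line):
    """Split one constructed log line into (timestamp, result, source address)."""
    ts, result, src, _user = line.split()
    return datetime.fromisoformat(ts), result, src.split("=", 1)[1]

def find_brute_force(lines, window=WINDOW, max_failures=MAX_FAILURES):
    """Return {address: time the threshold was crossed} for addresses to blacklist."""
    recent = defaultdict(deque)  # per-address timestamps of failures still in the window
    blacklist = {}
    for line in lines:
        if not line.strip():
            continue
        ts, result, src = parse(line)
        if result != "FAIL" or src in blacklist:
            continue
        failures = recent[src]
        failures.append(ts)
        # Drop failures that are a full window (or more) older than the current one.
        while ts - failures[0] >= window:
            failures.popleft()
        if len(failures) > max_failures:
            blacklist[src] = ts
    return blacklist

if __name__ == "__main__":
    for addr, when in find_brute_force(SAMPLE_LOG).items():
        print(f"blacklist {addr} (threshold crossed at {when.isoformat()})")
```

A fixed one-minute bucket would miss a burst that straddles a bucket boundary, which is why the window slides with each failure.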

Exception Process:

The College Network Security Policies are likely to be impacted by changing technology, legislation, and educational and administrative requirements. The steps for permitting and documenting an exception are:
1.) A request for an exception is received by the Director of Technology and the Network Administrator, along with a rationale justifying the exception.
2.) The Director of Technology and the Network Administrator analyze the request and the rationale and determine if the exception should be accepted, denied, or if it requires more investigation.
3.) If more investigation is required, the Director of Technology and the Network Administrator determine if there is a cost-effective solution to the problem that does not require an exception.
4.) If there is not an alternate cost-effective solution, and the risk is minimal, the exception may be granted.
5.) Each exception must be re-examined according to its assigned schedule.
6.) The schedule can vary from 3 months to 12 months depending on the nature of the exception.
7.) Any exception request that is rejected may be appealed to the Chairs.

Change Drivers:

A number of factors could result in the need or desire to change the Network Security Policies. These factors include, but are not limited to:
1.) Review schedule
2.) New legislation
3.) Newly discovered security vulnerability
4.) New technology
5.) Audit report
6.) Cost/benefit analysis
7.) Change in the educational and administrative needs of the College

Change Process:

Updates to the Network Security Policies, which include establishing new policies, modifying existing policies, or removing policies, can result from three different processes:
1.) At least annually, the Director of Technology and the Network Administrator will review the Policies for possible addition, revision, or deletion. An addition, revision, or deletion is proposed to the College Chairs for approval. If approved by the Chairs, the addition, revision, or deletion will be put into effect.
2.) Every time new computer network technology is introduced into the College, a security assessment must be completed. The result of the security assessment could necessitate changes to the Network Security Policies before the new technology is placed into use in the College of Education computer network.
3.) Any user may propose the establishment, revision, or deletion of any policy at any time. These proposals should be directed to the Director of Technology and the Network Administrator, who will evaluate the proposal and make recommendations to the Chairs if the proposal is deemed valid and reasonable in accordance with the goals of the Network Security Policy.