REMOTE ACCESS POLICY & PROCEDURE



Similar documents
SAO Remote Access POLICY

Remote Access Agreement

Hang Seng HSBCnet Security. May 2016

Best Practices Guide to Electronic Banking

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

Remote Access and Network Security Statement For Apple

Appendix H: End User Rules of Behavior

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 )

State of South Carolina Policy Guidance and Training

Information Technology Acceptable Use Policy

UCLA Policy 401 Minimum Security Standards for Network Devices

Information Security Policy for Associates and Contractors

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Boston University Security Awareness. What you need to know to keep information safe and secure

Telemedicine HIPAA/HITECH Privacy and Security

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy

IT ACCESS CONTROL POLICY

Information Security Policy

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

West Lothian College. and Computer Network Responsible Use Policy. September 2011

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Data Security Incident Response Plan. [Insert Organization Name]

Access Control Policy

Network Security Policy

P Mobile Device Security.

Acceptable Use of Computing and Information Technology Resources

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

HIPAA Security Alert

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Odessa College Use of Computer Resources Policy Policy Date: November 2010

SECURITY POLICY REMOTE WORKING

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

How To Protect Decd Information From Harm

Online Cash Manager Security Guide

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors

2.5.1 Policy on Responsible Use of University Computing Resources Introduction This policy governs the proper use and management of all University of

Wright State University Information Security

3.2 This situation is also experienced by Officers who also need remote access to Council networks.

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY

CITY OF BOULDER *** POLICIES AND PROCEDURES

Network and Security Controls

TABLE OF CONTENTS INTRODUCTION... 1 OVERVIEW... 1

Remote Connection to Your Computers

Dublin Institute of Technology IT Security Policy

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Windows Operating Systems. Basic Security

Remote Access End User Guide (Cisco VPN Client)

Computer Security Policy (Interim)

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY

Vodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence

Cyber Security Best Practices

Security Awareness. ITS Security Training. Fall 2015

Identity Theft Prevention Program Compliance Model

Administrative Procedures Manual. Management Information Services

Dene Community School of Technology Staff Acceptable Use Policy

Policy for Staff and Post 16 Student BYOD (Bring Your Own Device)

esnc ACCESS AGREEMENT

Easy and Secure Remote Access with Cisco QuickVPN

Supplier Information Security Addendum for GE Restricted Data

Data Network Security Policy

Network Password Management Policy & Procedures

VPN Network Access. Principles and Restrictions

Catapult PCI Compliance

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Mobile Devices Policy

GoToMyPC Corporate Administrator Guide

Bank of Brodhead PO Box E Exchange St Brodhead WI

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

County Identity Theft Prevention Program

ICT Acceptable Use Policy

1B1 SECURITY RESPONSIBILITY

Information & Communications Technology Usage Policy Olive AP Academy - Thurrock

Additional Security Considerations and Controls for Virtual Private Networks

Caldwell Community College and Technical Institute

Guadalupe Regional Medical Center

Network & Information Security Policy

INCIDENT RESPONSE CHECKLIST

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST Version 2.0

Introduction. PCI DSS Overview

Appendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Network Usage Guidelines Contents

Acceptable Use Policy

FISMA / NIST REVISION 3 COMPLIANCE

Information Resources Security Guidelines

Responsible Use of Technology and Information Resources

Background. Recommendations for Risk Controls for Trading Firms

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

GENERAL INFORMATION. 2 Document Approver Data & Information Management Department Head 3 Minimum list of document

Safety precautions for Internet banking or shopping How to avoid identity theft online

Standard: Information Security Incident Management

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Retention & Destruction

MN-700 Base Station Configuration Guide

Information Technology Acceptable Use Policies and Procedures

BRING YOUR OWN DEVICE

Rocklin Unified School District Employee Authorized Network, Internet Usage, and Privacy Agreement

DHHS Information Technology (IT) Access Control Standard

Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS

Transcription:

REMOTE ACCESS POLICY & PROCEDURE JULY 2013 Author: Steve Williams Date: September 2011 Agreed: EIS Management Unison

Purpose The purpose of this policy is to define standards and restrictions for connecting to West Lothian College s (the College) internal network from an external location via remote access technology. The College s resources (i.e. corporate data, computer systems, networks, databases, etc.) must be protected from unauthorized use and/or malicious attack that could result in loss of information, damage to critical applications, loss of revenue, and damage to our public image. Therefore, all remote access for College employees must be achieved with minimum risk to the College via standard, audited methods. Context College-based systems have until recently been inaccessible from outside the College campus. A remote access solution offers several benefits including: what can be accessed (all resources available to a staff member on campus) from where it can be accessed (files, email and College systems are now accessible from home, from other institutions or via public WiFi services such as in cafes) when it can be accessed (anytime, not dependent on College opening hours). Remote Access Remote access is defined as any connection to West Lothian College s network from off-site locations, such as the employee s home, a hotel room, airport, café or other institution. Scope This policy applies to all authorised College staff members who utilize College or personally-owned computers to remotely access the organisation s data and networks. Employment at the College does not automatically guarantee the granting of remote access privileges. Any and all work performed for West Lothian College through a remote access connection is covered by this policy. Work can include (but is not limited to) e-mail correspondence, Web browsing, accessing server-stored files, and any other company application, for example Columbus or Serengeti. Supported Technology All remote access connections will be centrally managed by West Lothian College s IT department by encryption and strong password protection. Remote access connections as defined by this policy mean Virtual Private Network (VPN) connections which establish a secure tunnel into the College network, over home 1

Broadband, or via WiFi connections in public places. These VPN connections will be made via the Cisco VPN client ONLY, which will be provided by ICT for installation by staff. System Requirements Any member of staff wishing to access College resources via a VPN connection must be able to satisfy ICT Services that they have a PC or laptop with Windows XP or newer (including the latest Windows updates), or a MAC with at least MAC OSX 10.5. Any connection depends on the user having an active Internet connection. Eligible Users All staff requiring remote access for business purposes must go through an application process that clearly outlines why the access is required and what level of service the employee needs should his/her application be accepted. Application forms must be approved and signed by the employee s line manager before submission to ICT Services. Procedures It is the responsibility of any employee of the College with remote access privileges to ensure that their VPN connection remains as secure as his or her network access within the office. It is imperative that any VPN connection used to conduct West Lothian College business be utilized appropriately, responsibly, and ethically. Therefore, the following rules must be observed: 1. General access to the Internet from homethrough West Lothian College s network is permitted. However, this must not be used for recreational purposes the remote access connection must be disconnected prior to accessing such Internet sites. 2. Employees must maintain their personal Windows or Mac operating system with current updates to avoid security issues. For more detail on security for devices see the Electronic Information Security Policy suite on Serengeti. 3. Employees will use secure remote access procedures. This will be enforced through Windows passwords (a mixture of upper- and lower-case letters, numbers and extended characters such as! ). These passwords will also apply when in College.. Employees must not disclose their passwords to anyone, including family members if business work is conducted from home. 4. All remote computer equipment and devices used for business work, whether personal- or college owned must have installed whatever antivirus software is deemed necessary by West Lothian College s ICT Services. 5. Remote users using public areas for wireless Internet access must use a Cisco VPN client which will be provided by ICT Services. 6. ICT Services cannot provide technical support for a home broadband connection, public WiFi connection or other institution connection. 2

7. WiFi users must disconnect wireless sessions when not in use in order to mitigate attacks by hackers and eavesdroppers. 8. Users must apply new Windows passwords every business/personal trip where college data is being utilized over a WiFi service, or when a college device is used for personal Web browsing (steve does this contradict point 1?). ICT Services will provide instruction on changing passwords should this be requested. 9. Employees with remote access privileges will make no modifications of any kind to the remote access connection without the express approval of West Lothian College s ICT Services. 10. Employees with remote access privileges must ensure that their computers are not connected to any other network while connected to West Lothian College s network via remote access, with the obvious exception of Internet connectivity. 11. In order to avoid confusing official company business with personal communications, employees with remote access privileges must never use noncollege e-mail accounts (eg. Hotmail, Yahoo, etc.) to conduct West Lothian College business. 12. No employee is to use Internet access through company networks via a VPN connection for the purpose of illegal transactions, harassment, competitor interests, or obscene behavior, in accordance with the Computer and Email Acceptable Use Policy. 13. All remote access connections must include a time-out system. In accordance with West Lothian College s security policies, remote access sessions will time out after 20 minutes of inactivity, and will terminate after 4 hours of continuous connection. Both time-outs will require the user to reconnect and re-authenticate in order to re-enter company networks. Should a remote user s account be inactive for a period of 90 days, access account privileges will be suspended until ICT Services are notified that the account should be reactivated. 14. If a personally- or college-owned computer or related equipment used for remote access is damaged, lost, or stolen, the authorized user will be responsible for notifying their manager and West Lothian College s ICT Services immediately. 15. The remote access user also agrees to report immediately, to their manager and West Lothian College s ICT Services, any incident or suspected incidents of unauthorized access and/or disclosure of company resources, databases, networks, etc. 16. The remote access user also agrees to and accepts that his or her access and/or connection to West Lothian College s networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. As with in-house computers, this is done in 3

order to identify accounts/computers that may have been compromised by external parties. 17. West Lothian College will not pay connection or any other charges for any remote access session. Any queries relating to any of the above points should be referred to ICT Services. 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information