NETWORK SECURITY GUIDELINES




VIRUS PROTECTION STANDARDS

All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus DAT files are updated automatically on configured machines; in addition, the current DAT files are placed on the GST BOCES Helpdesk menu so that end users can update their software manually. It is the shared responsibility of the end users, GST BOCES LAN staff, and the school district IT staff to make sure the anti-virus on the PCs is current. All e-mail (incoming and outgoing) is scanned for viruses. All file servers are scanned for viruses.

INCIDENT HANDLING OF VIRUSES

It is the shared responsibility of the end users, GST BOCES LAN staff, and the school district IT staff to ensure that all computers are free of viruses and to keep the anti-virus DAT files updated on computers. GST BOCES Computer Services staff will have information about anti-virus software and procedures available at http://www.gstboces.org/helpdesk.

E-mail viruses: infected e-mails will be deleted automatically by the anti-virus programs. Virus files found on any file server will be immediately investigated and eradicated by GST BOCES LAN and/or school district IT staff.

SECURITY OFFICER

The CSC security team functions as the security officer for the GST BOCES regional network. The security team sets procedures and guidelines for all matters involving network security. The CSC security contact person, as appointed by the manager of CSC, will be responsible for keeping current and knowledgeable on CERT advisories and keeping abreast of security exploits. The security contact person is responsible for handling and addressing any reported security incidents.

BANNER/WARNINGS

All network-connected computer workstations should display a warning banner with an authorized-user, appropriate-use message prior to network login.

NETWORK ADDRESSING AND NETWORK DEVICE CONNECTIONS

Computer network addressing will be implemented and maintained only by the appropriately authorized school district technology staff and the GST BOCES Computer Services staff. Any and all connections of computer network equipment to the school district and GST BOCES regional WAN (Wide Area Network) will be coordinated with authorized school district technology staff, and implemented and executed by GST BOCES Computer Services staff, or by authorized school district technology staff under the guidance/direction/approval of GST BOCES Computer Services staff and/or school district IT staff.

There will be an agreement and assigned responsibility between the contracting school district, a vendor or individual requesting network access, and the GST BOCES Computer Services staff for updating any server operating systems (OS), applying service packs and patches, anti-virus patches, and security patches. This includes any remotely attached devices.

4528-R

ACCEPTABLE USE POLICY

It is the recommendation of the GST BOCES security team that each school district have a Board-approved Acceptable Use Policy, including Internet Safety Policy language complying with CIPA legislation. The GST BOCES security team is available as a resource for school districts when composing these Acceptable Use Policies. Appropriate disciplinary action for users who violate the policy will be reviewed and handled on a case-by-case basis by the school district Superintendent, Supervisor, CSC Manager, school district Technology Director, and/or designee.

DATA BACKUP AND RECOVERY

The GST BOCES Computer Services center will be responsible for implementing and supporting a data backup solution for all network data on the GST BOCES regional wide area network. The GST BOCES Computer Services staff will make every effort to back up all network data on a daily basis. Any and all data located on local drives is the responsibility of the end user. In situations where school district staff are responsible for the execution and maintenance of the daily data backups locally, GST BOCES Computer Services staff cannot be held responsible for the integrity of the backups. It is the responsibility of all systems administrators and school district Technology Directors to notify the GST BOCES backup administrator of any new network file areas and data requiring backup. The GST BOCES Computer Services staff can retrieve network data from these backups up to 30 working days old. Requests are taken by the GST BOCES Helpdesk and are handled on a case-by-case basis.

It is the recommendation of the GST BOCES Computer Services staff that backup media going back for one week be stored off site for disaster recovery purposes.

OUTSIDE REQUESTS FOR NETWORK INFORMATION

Details concerning the GST BOCES regional wide area network configuration are considered confidential; therefore, it is the recommendation of the GST BOCES security team that network information be given out over the phone or via e-mail only when appropriate.

PROCEDURE FOR ADDING, CHANGING, OR DELETING NETWORK ACCOUNT ACCESS

It is the school district's responsibility to collect a completed User Authorization form for any network account created. Network accounts will not be created without a signed GST BOCES Staff User Authorization Form. All requests to modify or delete accounts and/or change access must be authorized by the district Technology Director or their district designee. Requests for transfer of data must be authorized by the district of data ownership. Any forms received by GST BOCES will be kept on file.

GUIDELINES FOR NETWORK ACCOUNT PASSWORDS

- Network passwords should be required to be changed periodically.
- Passwords should be at least 5 characters.
- Passwords should be memorized and never be written down.
- Passwords should never be shared.
- Passwords should be a mix of alphanumeric characters and not form any real word.
- Passwords should not be names or dates easily identified with the end user.
- Passwords should not be the same as the username.
- Password standards do not apply to generic accounts.
- Staff who actively sync the district email system with a personal device (i.e. smartphone, tablet, etc.) must create and employ a manually entered PIN (numeric, non-swipe, personal identification number).

PASSWORD ADMINISTRATION

System administrators can periodically scan the password files for weak passwords. Any weak password information (name, initials, children's names, etc.) found will be passed on to the Administrator of Computer Services or to the district Technology Director, who will work with other technical and district staff for appropriate action.

When an end user forgets their network/e-mail password, the procedure is for them to call the GST BOCES Help Desk, the school district's Technology Director, or appropriate district staff to request the change. For all other systems, they should call the application support person (MUNIS, SASI, Mandarin, etc.). Anyone requesting temporary, substitute, or special access for staff members is required to follow a GST BOCES or district-approved procedure for obtaining access.

SUSPECTED STAFF MISCONDUCT/SECURITY BREACH

By specific request of a school district's Technology Director or a school district Superintendent, made by phone or e-mail to the CSC Computer Center Manager or the Administrator of Computer Services, a user's account will be disabled.

By specific request of a school district's Technology Director or a school district Superintendent, made by phone or e-mail to the CSC Computer Center Manager or the Administrator of Computer Services, access will be given to a user's network drive area and/or their e-mail account for review by specified district personnel. Network information, accounts, and data are not considered private and can be monitored, when requested, by authorized school district personnel. Network data is considered the property of the corresponding school district, and access to that data will be given only when authorized by appropriate school district personnel.

WIRELESS ACCESS

Any wireless access point that is installed on the school district and GST BOCES Regional Network must be secured. Recommendations include:

- MAC address filtering enabled (whenever feasible)
- Turn off the Broadcast SSID
- Turn on Encryption
- Use secure authentication method for clients (802.1X)

SECURITY BREACH

All users should report any suspected security breach to their immediate supervisor or teacher. Supervisors will contact the Computer Services Center Manager or their school district Technology Director in the event of a suspected breach. On a case-by-case basis, the CSC Manager, school district Technology Director, Supervisor, and/or other involved parties will discuss appropriate consequences. Security personnel will monitor the system for security breaches; will record and track suspected breach incidents; and will notify school district personnel of any suspected breach.

REMOTE ACCESS

Any remote access to the school district and GST BOCES Regional Wide Area Network will be allowed based on approval from both the school district Technology Director and the GST BOCES Computer Services Manager or Administrator of Computer Services.

VENDOR REMOTE ACCESS

Vendor remote access is defined as allowing vendor access via a network connection into the school district and GST BOCES Regional Wide Area Network in order to maintain and monitor various vendor applications and servers. Remote access for vendors will be based on approval from both appropriate district supervisory staff and the GST BOCES Computer Services Manager or designee, according to the following suggested criteria. Requested access will be used for monitoring of vendor hardware only; any misuse of the equipment, or determination by GST BOCES Computer Services staff or school district IT staff of a security risk, will result in termination of the agreement.

Options for vendor remote access:

1. GST BOCES Computer Services staff will provide a VPN solution to the vendor;

2. Vendor can provide a static IP (permanent) address, and GST BOCES Computer Services staff/authorized school district staff will open a specified port for access by the vendor, unless GST BOCES Computer Services staff determines that this method would pose a security risk to the network; and

3. For a specified time, GST BOCES Computer Services staff/authorized school district staff will open a specified port for access by the vendor and close that access when no longer needed, unless GST BOCES Computer Services staff determines that this method would pose a security risk to the network.

Whenever appropriate, the vendor's application will be housed in the DMZ (demilitarized zone). There will be an agreement and assigned responsibility between the contracting school district, the vendor, and the GST BOCES Computer Services staff for updating any server operating systems (OS), applying service packs and patches, anti-virus patches, and IIS security patches. This includes any remotely attached devices.

PHYSICAL SECURITY

It is the recommendation of the GST BOCES Computer Services staff that the transferring of any school district student, financial, or personnel data from the GST BOCES Wide Area Network to any other removable media should be approved in writing by a building administrator, immediate supervisor, or Technology Director of the school district. It is also the recommendation of the GST BOCES Computer Services staff that any requests for transfers of school district data from any outside source or vendor should be approved in writing by a building administrator, immediate supervisor, or Technology Director of the school district. Requests from law enforcement will be communicated to the GST BOCES District Superintendent and the appropriate component school district Superintendent.

Approved: December 1, 2003
Revised and Approved: February 9, 2004; October 4, 2004; December 13, 2007; Sept. 11, 2014 Nov. 13, 2014