Develetech Security Policy


Develetech Industries

IT SECURITY POLICY

TABLE OF CONTENTS
1. POLICY STATEMENT
2. VIRUS PROTECTION
3. PHYSICAL SECURITY OF COMPUTER EQUIPMENT
3.1. DEFINITIONS
3.2. CATEGORIES OF RISK
3.3. REQUIRED PHYSICAL SECURITY
3.4. COMPUTER SUITE
4. ACCESS CONTROL
5. PHYSICAL LAN SECURITY

1. POLICY STATEMENT
It shall be the responsibility of the IT Services Department to provide adequate protection and confidentiality of all corporate data and proprietary software systems, whether held centrally, on local storage media, or remotely, to ensure the continued availability of data and programs to all authorized members of staff, and to ensure the integrity of all data and configuration controls.

Summary of Main Security Policies

1.1. Confidentiality of all company data is to be maintained through discretionary and mandatory access controls, and wherever possible these access controls should meet with C2 class security functionality.

1.2. Internet and other external service access is restricted to authorized personnel only.

1.3. Access to data on all laptop computers and mobile devices is to be secured through encryption or other means, to provide confidentiality of company data in the event of loss or theft of company equipment.

1.4. Only authorized and licensed software may be installed, and installation may only be performed by IT Services staff.

1.5. The use of unauthorized software is prohibited. In the event of unauthorized software being discovered, it will be removed from the workstation immediately.

1.6. Data may only be transferred for purposes registered under the company's data protection registration.

1.7. All removable media from external sources must be virus checked before they are used within the company.

1.8. Passwords must consist of a mixture of at least six alphanumeric characters, must be changed every 40 days, and must be unique.

1.9. Workstation configurations may only be changed by IT Services staff.

1.10. The physical security of computer equipment will conform to the guidelines laid down by the company's insurance company.

1.11. To prevent the loss of availability of company IT resources, measures must be taken to back up data, applications, and the configurations of all workstations.

2. VIRUS PROTECTION
2.1. IT Services will have available up-to-date virus scanning software for the scanning and removal of suspected viruses.

2.2. Corporate file servers will be protected with virus scanning software.

2.3. Workstations used by users who regularly need to bring in data from outside the company will be protected by virus scanning software.

2.4. All workstations will be periodically scanned by IT Services.

2.5. No media that is brought in from outside the company is to be used until it has been scanned on a standalone machine that is used for no other purpose and not connected to the network. The scanning software on this machine will be updated regularly.

2.6. All systems will be built from original, clean master copies whose write protection has always been in place. Only original master copies will be used until virus scanning has taken place.

2.7. All media containing executable software will be write protected wherever possible.

2.8. All demonstrations by vendors will be run on their machines and not the company's.

2.9. Shareware is not to be used. If it is absolutely necessary to use shareware, it must be thoroughly scanned before use.

2.10. New commercial software will be scanned before it is installed, as it occasionally contains viruses.

2.11. All media brought into the company by field engineers or support personnel will be scanned by IT Services before they are used on site.

2.12. To enable data to be recovered in the event of a virus outbreak, regular backups will be taken by IT Services.

2.13. Management strongly endorses the company's antivirus policies and will make the necessary resources available to implement them.

2.14. Users will be kept informed of current procedures and policies.

2.15. Users will be notified of virus incidents.

2.16. Employees will be accountable for any breaches of the company's antivirus policies.

2.17. Antivirus policies and procedures will be reviewed regularly.

2.18. In the event of a possible virus infection, the user must inform IT Services immediately. IT Services will then scan the infected machine and any devices or other workstations to which the virus may have spread, and eradicate it.

3. PHYSICAL SECURITY OF COMPUTER EQUIPMENT

Physical security of computer equipment will comply with the guidelines as detailed below.

3.1. DEFINITIONS
3.1.1. AREA
Two or more adjacent linked rooms which, for security purposes, cannot be adequately segregated in physical terms.
3.1.2. COMPUTER SUITE
Mainframe, minicomputer, file server, plus all interconnected wiring, fixed disks, telecommunication equipment, ancillary, peripheral, and terminal equipment linked into the mainframe, contained within a purpose-built computer suite.
3.1.3. COMPUTER EQUIPMENT
All computer equipment not contained within the COMPUTER SUITE, which will include PCs, monitors, laptops, mobile devices, printers, and all associated peripheral equipment.
3.1.4. HIGH RISK SITUATION(S)
Refers to any room or AREA that is accessible:
* At ground floor level
* At first floor level, but accessible from an adjoining roof
* At any level via external fire escapes or other features providing access
* In rooms in remote, concealed, or hidden areas
3.1.5. LOCKDOWN DEVICE(S)
A combination of two metal plates, one for fixing to furniture or the building structure, and the other for restraining the equipment, which is immobilized when the two plates are locked together. The plate for restraining the equipment should incorporate an enclosure or other mechanism which will hinder unauthorized removal of the outer PC casing and render access to internal components difficult.
3.1.6. NACOSS
National Approval Council for Security Systems

3.2. CATEGORIES OF RISK

3.2.1. SECURITY LEVEL 1:
The security measures detailed in Level 1 are guidelines for all COMPUTER EQUIPMENT not described below.

3.2.2. SECURITY LEVEL 2:
These guidelines apply where a single room or AREA contains PCs where the total replacement value of this hardware is LESS than $20,000 per room or AREA.

3.2.3. SECURITY LEVEL 3:
These guidelines apply where a single room or AREA contains PCs where the total replacement value of this hardware is between $20,000 and $50,000 per room or AREA.

3.2.4. SECURITY LEVEL 4:
These guidelines apply where a single room or AREA contains PCs where the total replacement value of this hardware is in excess of $50,000 per room or AREA.

3.2.5. COMPUTER SUITE:
These guidelines apply to the location or room comprising the purpose-built computer suite.

3.3. REQUIRED PHYSICAL SECURITY

The list below summarizes the required features for each Security Level.

Security Feature                                                          Security Level(s)
Security marking ....................................................... 1, 2, 3, 4
Locking PC case ........................................................
Computers placed away from windows ..................................... 1, 2, 3, 4
High risk situation window locks ....................................... 1, 2, 3, 4
Blinds for observable windows .......................................... 1, 2, 3, 4
All equipment > $1,500 has lockdown device (if no intruder alarm) ...... 1, 2, 3, 4
Intruder alarm installed by NACOSS company ............................. 2, 3, 4
Protection of signal transmission to Alarm Receiving Center ............ 2, 3, 4
Assessment of location of intruder alarm protection .................... 2, 3, 4
Walk test of movement detectors ........................................ 2, 3, 4
Check that movement detectors not obscured ............................. 2, 3, 4
Anti-masking intruder alarm sensors in room or area .................... 3, 4
Break glass alarm sensors .............................................. 3, 4
Individual alarm zoning of room or area ................................ 3, 4
Improved protection of signal transmission to Alarm Receiving Center ... 3, 4
Minimum room or area construction ...................................... 3, 4
Door specification for entry to room or area ........................... 3, 4
Anti-masking intruder alarm sensors in room and access routes .......... 4
Alarm shunt lock on door ............................................... 4
Visual or audio alarm confirmation ..................................... 4
Superior protection of alarm signal transmission ....................... 4
Improved room or area construction ..................................... 4
All external opening windows to have locks ............................. 4
High risk situation windows to have shutters/bars ...................... 4
3.3.1. Security Marking
All computer equipment should be prominently security marked by branding or etching with the name of the establishment and area postcode. Advisory signs informing that all property has been security marked should be prominently displayed externally. The following are considered inferior methods of security marking: text comprised solely of initials or abbreviations, marking by paint or ultraviolet ink (indelible or otherwise), or adhesive labels that do not include an etching facility.
3.3.2. Locking of PC Cases
PCs fitted with locking cases will be kept locked at all times.
3.3.3. Location of Computers
Wherever possible, COMPUTER EQUIPMENT should be kept at least 1.5 meters away from external windows in HIGH RISK SITUATIONS.
3.3.4. Opening Windows
All opening windows on external elevations in HIGH RISK SITUATIONS should be fitted with key operated locks.
3.3.5. Blinds
All external windows to rooms containing COMPUTER EQUIPMENT at ground floor level or otherwise visible to the public should be fitted with window blinds or obscure filming.
3.3.6. Lockdown Devices
For any item of COMPUTER EQUIPMENT with a purchase price in excess of $1,500 which is not directly covered by an intruder alarm, the processing unit should have a LOCKDOWN DEVICE fitted to the workstation.
When it is impossible or undesirable to anchor hardware, such equipment can be moved to a security store or cabinet outside normal hours of occupation.
3.3.7. Intruder Alarm
An intruder alarm incorporating the following features should be installed. Installation, maintenance, and monitoring are to be by a NACOSS listed company.
3.3.8. Protection of Signal Transmission
Unless telephone wires directly enter the protected premises underground, signaling to the Alarm Receiving Center should be by monitored direct line, British Telecom Red Direct or Redcare, or a Paknet radio signaling system.
3.3.9. Location of Intruder Alarms
Detection devices should be located within the room or AREA and elsewhere in the premises to ensure that unauthorized access to the room or AREA is not possible without detection. This should include an assessment as to whether access is possible via external elevations, doors, windows, and roof lights.
3.3.10. Walk Test
A walk test of motion detectors should be undertaken on a regular basis in order to ensure that all PCs are located within the alarm protected area. This is necessary due to the possible ongoing changes in the position of furniture, screens, and partitions, which may seriously impede the field of cover provided by existing detection devices.

For any PC which is not directly covered by an intruder alarm, the processing unit should have a LOCKDOWN DEVICE.
3.3.11. Check Detectors
Building managers should ensure, as part of their normal duties at locking up time, that internal space detectors have not been individually obscured or had their field of vision restricted.
3.3.12. Anti-Masking Intruder Alarm
Anti-masking intruder alarm movement sensors are recommended to immediately detect a movement within the room or AREA.
3.3.13. Break Glass Alarm Sensors
Break glass alarm sensors to detect forced entry through external windows of the room or AREA are recommended.
3.3.14. Alarm Zoning
The ability to zone the intruder alarm from the main control panel should be provided to enable authorized usage of other areas of the building outside normal hours, while retaining alarm detection within the room or AREA.
3.3.15. Improved Protection of Signal Transmission
Unless telephone wires directly enter the protected premises underground, signaling to the Alarm Receiving Center should be by monitored direct line, British Telecom Red Direct or Redcare, or a Paknet radio signaling system.
3.3.16. AREA Construction
Partitions separating the room or AREA from adjoining rooms and corridors should be a minimum of 100 mm solid non-lightweight blockwork or brickwork devoid of glazing or other openings except for protected doors as defined below. If glazing is essential for lighting or other purposes, it should be upgraded by being supplemented internally with 1.5 mm mesh, security shutters, or bars.
3.3.17. Door Specification
All doors giving access to the room or AREA both from within and outside the building should be, as a minimum, solid timber and at least 45 mm thick, preferably unglazed. Doors should have a mortise deadlock with key registration. Door fittings should comprise three hinges, supplemented by two hinge bolts if outward opening. Inward opening doors to the room or AREA should have a London bar (a metal strip strengthening the locking post of the door frame).
Where a door is glazed as a fire requirement, and entry is either possible through the glazing (where the width or height of the glazing exceeds 200 mm in either direction) or by breaking the glazing to reach an internal release mechanism, the glazing should be supplemented internally with 1.5 mm or 7.5 mm laminated glass, retaining the wired glass for fire resistance.
3.3.18. Intruder Alarm Sensors on Access Routes
Anti-masking intruder alarm movement sensors are recommended to immediately detect a movement within the room or AREA and any internal corridors or rooms giving access to the room or AREA.
3.3.19. Alarm Shunt Lock
The alarm should have the facility for setting and unsetting within the room or AREA independently of the status of the main premises control panel via a shunt lock on the room or AREA access door. It should not be possible to set the main system if the room or AREA detection is shunted out.
3.3.20. Alarm Confirmation
Visual or audio alarm confirmation should be provided at the monitoring facility for all conventional detection within the room or AREA.
3.3.21. Superior Protection of Signal Transmission
Monitored signaling to the Alarm Receiving Center should be either by direct line or British Telecom Red Direct.
3.3.22. Improved AREA Construction
Partitions separating the room or AREA from adjoining rooms and corridors should be a minimum of 150 mm solid non-lightweight blockwork or brickwork devoid of glazing or other openings except for protected doors as defined below. Where glazing is essential for lighting or other purposes, this should be protected by security shutters or bars.
Secure doors giving access to the room or AREA, from within the building, should be solid timber at least 45 mm thick and unglazed. The locking should be by two mortise deadlocks with registered keys, a microswitch being available for an alarm shunt lock. Door fittings should comprise three hinges, supplemented by two hinge bolts if outward opening. Inward opening doors to the room or AREA should have a London bar (a metal strip strengthening the locking post of the door frame).
3.3.23. External Windows to Have Locks
All opening windows within the perimeter of the room or AREA should be fitted with key operated window locks.

3.3.24. HIGH RISK SITUATIONS
Where the room or AREA is classified as being in a HIGH RISK SITUATION, the following additional protection should be provided.
Windows to external elevations should be fitted with security shutters or bars instead of locks.
Any door in the external elevation should be provided with a security shutter where practical. Consideration should be given to replacement of fire exit doors which cannot be secured in this fashion, and any other doors designated as fire escapes by the Fire Prevention Officer, with proprietary security doors and frames fitted with an Abloy SecurXit four point locking bolt and an alarm vibration sensor.

3.4. COMPUTER SUITE

3.4.1. The computer suite should be housed in a purpose-built room.
3.4.2. Partitions separating the room or AREA from adjoining rooms and corridors should be a minimum of 150 mm solid non-lightweight blockwork or brickwork devoid of glazing or other openings except for protected doors as defined below. Where glazing is essential for lighting or other purposes, this should be protected by bars.
3.4.3. Secure doors giving access to the room or AREA, from within the building, should be solid timber at least 45 mm thick and unglazed. The locking should be by two mortise deadlocks with registered keys, a microswitch being available for an alarm shunt lock. Door fittings should comprise three hinges, supplemented by two hinge bolts if outward opening. Inward opening doors to the room or AREA should have a London bar (a metal strip strengthening the locking post of the door frame).
3.4.4. The computer suite should contain an adequate air conditioning system to provide a stable operating environment to reduce the risk of system crashes due to component failure.
3.4.5. No water, rainwater, or drainage pipes should run within or above the computer suite, to reduce the risk of flooding.
3.4.6. The floor within the computer suite should be a raised false floor to allow computer cables to run beneath the floor and reduce the risk of damage to computer equipment in the case of flooding.
3.4.7. Power points should be raised from the floor to allow the smooth shutdown of computer systems in case of flooding.
3.4.8. Where possible, generator power should be provided to the computer suite to help protect the computer systems in the case of a main power failure.
3.4.9. Access to the computer suite is restricted to IT Services staff.
3.4.10. All contractors working within the computer suite are to be supervised at all times, and the IT Services Section is to be notified of their presence and provided with details of all work to be carried out, at least 48 hours in advance of its commencement.

4. ACCESS CONTROL
4.1. Users will only be given sufficient rights to all systems to enable them to perform their job function. User rights will be kept to a minimum at all times.

4.2. Users requiring access to systems must make a written application on the forms provided by IT Services.

4.3. Where possible, no one person will have full rights to any system. IT Services will control network/server passwords, and system passwords will be assigned by the system administrator in the end user department. The system administrator will be responsible for maintaining the integrity of the end user department's data and for determining end user access rights.

4.4. Access to the network/servers and systems will be by individual username and password.

4.5. Usernames and passwords must not be shared by users.

4.6. Usernames and passwords should not be written down.

4.7. Usernames will consist of initials and surname, up to eight characters in length.

4.8. All users will have an alphanumeric password of at least six characters.

4.9. Passwords will expire every 40 days and must be unique.

4.10. Intruder detection will be implemented where possible. The user account will be locked after three incorrect attempts.

4.11. Users will be given a username and password to log in to the network/servers and another password to log in to individual systems.

4.12. IT Services will be notified of all employees leaving the company's employment.

4.13. Network/server supervisor passwords and system supervisor passwords will be stored in the fire safe in IT Services in case of an emergency.

4.14. Auditing will be implemented on all systems to record login attempts/failures, successful logins, and changes made to all systems.

4.15. Default passwords on systems such as Oracle will be changed after installation.

4.16. Access to the network/servers will be restricted to normal working hours.
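The password and login rules stated in 1.8 and in 4.7 to 4.10, 4.14 and 4.16 reduced to a runnable check, as an added example that is not part of the Develetech document or the Ruskwig template. The account record, the audit-event layout, the reading of "unique" as "not previously used by this account", the reading of "mixture of alphanumeric characters" as "at least one letter and one digit", and the 08:00 to 18:00 Monday to Friday working-hours window are all assumptions; the policy defines none of them. Note that NIST SP 800-63B now advises a minimum of eight characters and no forced periodic rotation, so the six-character, 40-day rule here reflects the policy as written rather than current practice.

```python
"""Reference implementation of the policy's password, lockout, expiry, working-hours
and audit rules.  Added example; not part of the Develetech document."""

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_LENGTH = 6                 # 4.8: alphanumeric password of at least six characters
MAX_AGE = timedelta(days=40)   # 4.9: passwords expire every 40 days
LOCKOUT_THRESHOLD = 3          # 4.10: lock the account after three incorrect attempts
WORK_HOURS = range(8, 18)      # 4.16: "normal working hours" is undefined in the policy; assumed 08:00-18:00 Mon-Fri


def _hash(password: str, salt: bytes) -> bytes:
    # Passwords are never kept in clear; PBKDF2 is a standard choice, not one the policy names.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class Account:
    username: str               # 4.7: initials and surname, up to eight characters
    salt: bytes
    pw_hash: bytes
    password_set: datetime
    history: list = field(default_factory=list)   # (salt, hash) of earlier passwords, for the 4.9 "unique" rule
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class AuditEvent:               # 4.14: every attempt, successful or not, is recorded
    when: datetime
    username: str
    outcome: str


def password_problems(candidate: str, previous: list) -> list:
    """Return the 4.8/4.9 rules the candidate breaks; an empty list means it is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not candidate.isalnum():
        problems.append("contains non-alphanumeric characters")
    # "a mixture of alphanumeric characters" read as: at least one letter and one digit (assumption)
    if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
        problems.append("must mix letters and digits")
    # "must be unique" read as: must not repeat any earlier password of this account (assumption)
    if any(hmac.compare_digest(_hash(candidate, s), h) for s, h in previous):
        problems.append("reuses a previous password")
    return problems


def create_account(username: str, password: str, now: datetime) -> Account:
    if len(username) > 8:
        raise ValueError("username longer than eight characters (4.7)")
    problems = password_problems(password, [])
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)
    return Account(username, salt, _hash(password, salt), now)


def change_password(acct: Account, new_password: str, now: datetime) -> list:
    """Rotate the password if it passes the checks; return the list of problems otherwise."""
    problems = password_problems(new_password, [(acct.salt, acct.pw_hash), *acct.history])
    if not problems:
        acct.history.append((acct.salt, acct.pw_hash))
        acct.salt = os.urandom(16)
        acct.pw_hash = _hash(new_password, acct.salt)
        acct.password_set = now
        acct.failed_attempts = 0
    return problems


def attempt_login(acct: Account, password: str, now: datetime, audit: list) -> str:
    """Apply 4.10 (lockout), 4.16 (hours) and 4.9 (expiry) to one attempt and log it under 4.14."""
    def record(outcome: str) -> str:
        audit.append(AuditEvent(now, acct.username, outcome))
        return outcome

    if acct.locked:
        return record("locked")
    if now.hour not in WORK_HOURS or now.weekday() >= 5:
        return record("out_of_hours")
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failed_attempts += 1
        if acct.failed_attempts >= LOCKOUT_THRESHOLD:
            acct.locked = True
            return record("locked")
        return record("failure")
    acct.failed_attempts = 0
    if now - acct.password_set > MAX_AGE:
        return record("expired")    # correct password, but 4.9 requires a change before access
    return record("success")
```

The lockout counter is only reset by a correct password inside working hours, so an attacker cannot use out-of-hours attempts to probe without being counted; a locked account stays locked until IT Services clears it, which is the 4.10 behaviour. The audit list is what 4.14 asks for and is the input a detection rule would consume, for example alerting on a burst of "failure" events across many usernames from one source.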

5. Physical LAN Security

Hubs
5.1. LAN equipment, hubs, bridges, and repeaters will be kept in secure hub rooms. Hub rooms will be kept locked at all times. Access to hub rooms will be restricted to IT Services staff only.

Workstations
5.2. Users must log out of their workstations when they leave their workstation for any length of time.
5.3. All unused workstations must be switched off outside working hours.

Wiring
5.4. All network wiring will be fully documented.
5.5. All unused network points will be deactivated when not in use.
5.6. All network cables will be periodically scanned and readings recorded for future reference.
5.7. Users must not place or store any item on top of network cabling.
5.8. Redundant cabling schemes will be used where possible.

Monitoring Software
5.10. The use of LAN analyzer software is restricted to IT Services staff only.
5.11. LAN analyzers will be securely locked up when not in use.

Servers
5.12. All servers will be kept securely under lock and key.
5.13. Access to the system console and server disk/tape drives will be restricted to authorized IT Services staff only.

Electrical Security
5.14. All servers will be fitted with UPSs that also condition the power supply.
5.15. All hubs, bridges, repeaters, and other critical network equipment will also be fitted with UPSs.
5.16. In the event of a main power failure, the UPSs will have sufficient power to keep the network and servers running until the generator takes over.
5.17. Software will be installed on all servers to implement an orderly shutdown in the event of a total power failure.
5.18. All UPSs will be tested periodically.

(Source for policy template: Ruskwig.com)
