
Desktop Security Policy

1 OBJECTIVE

Desktops are an important source of information, and the way they are used makes them an ideal staging
point for intrusions and attacks. Desktop users rely on services such as the Internet and e-mail, which can
result in threats such as viruses being downloaded, worms exploiting unpatched systems, hostile websites
exploiting data and so forth. This policy is intended to ensure a minimum acceptable level of protection for
all desktops within Goldstone Technologies and an enhanced standard of protection for critical desktops.

2 SCOPE

This policy covers all desktops used within all Goldstone Technologies facilities.

3 APPLICABILITY

This policy applies to all users of desktops within Goldstone.

4 HIGH LEVEL POLICY

All information, IT assets (both Hardware and Software) and physical infrastructure assets shall be
provided adequate security.

5 DETAILED POLICY

This policy shall be implemented and enforced through processes and procedures set by Goldstone
Technologies.
The classification for desktops within Goldstone is as below:
• Critical: Systems whose compromise would result in loss of business or legal breaches, or would
leave an important business function or project disrupted for an unacceptable or long period.

• Non-Critical: All other systems that are not critical.


The function heads and project managers shall identify the critical desktops within their functions and
projects.

Common for all Desktops

• All desktops shall have password-protected screen savers with timeouts of 5 minutes or less.
• The operating system of all desktops in Goldstone shall remain up to date with the latest service
  packs, patches and hot-fixes.
• All desktops shall be sited behind the main firewalls and protected from external networks. Desktops
  outside the Goldstone firewall must have personal firewalls and hardened configurations.
• All desktops shall have authorised anti-virus software installed and configured with the latest
  signature updates.
• Desktop users should not share their hard drives. The GH should approve any exceptions.
• All desktop users shall back up critical data in the space allotted on project or allocated file
  servers.
• An asset list of critical and non-critical desktops must be maintained. GIM must maintain
  traceability of the owner.
• All project-related desktops shall be logically segregated based on client requirements. Physical
  segregation shall be as per the Goldstone Physical Security policy.
• All desktop media shall be formatted before being re-allocated to another user.
• All desktop users shall follow the Acceptable Usage Guidelines.
• All desktop users shall change LAN and other passwords as recommended in the Logical Access
  Management policy.

Critical Desktops

• All critical desktop users shall rigorously apply all the latest patches and hot fixes.
• Critical desktops within Goldstone shall not have network shares.
• All desktops shall have a boot-up (BIOS) password.
• Critical or sensitive data shall be password protected and transferred to a folder; the inherited
  access right to this folder shall be granted only to the user.
• GIM would audit desktops every three months on a sample basis.

Non Critical Desktops

• For network shares on all non-critical desktops within Goldstone, appropriate rights shall be assigned.
• Password protection shall be mandatory for all shares.
• GIM would audit desktops every six months on a sample basis.

6 ROLES & RESPONSIBILITIES

Information Security Group
• Policy Ownership, Development and Maintenance
• Compliance audit & risk reviews

GIM
• Procedure Development and Maintenance
• Desktop Management
• Desktop Security Configuration, Implementation and Administration
• Monitoring of all Desktops
