Information Security SOP
1.0 Introduction
2.0 Purpose
2.0 Purpose
The main aim of the information security department’s standard operating procedure is to outline a
detailed set of instructions for activities. This ensures that tasks are performed in a predictable way,
which reduces risk and ensures stability.
Chief Information Security Officer (CISO/DPO)
Purpose:
To configure VPN access for users and grant permission to access critical business applications while
working remotely.
Organizational Benefits
Ability to access critical business applications in a safe and secure manner via the public
internet
Prevent external attackers from intercepting network traffic while using the public
internet.
Protect the network from unauthorized users or intruders
Controls
Duly completed User Access Form must be approved by the Confederal/Unit Head,
Divisional Head, Head of Internal Control and the Chief Information Security Officer.
Submitted forms must be duly archived for future reference.
Procedures:
How to setup Sophos VPN
Once your user account has been set up for MFA, you will need to download the Sophos
Authenticator app on your mobile phone (from the iOS or Android store). The app logo is shown
below.
iii. On your app, you will also see the option to scan the QR code. Select the option and
scan the QR code and you are all set!
iv. You will see a screen on your Authenticator app like the screenshot below, displaying
the OTP you will use for subsequent logons to the user portal & Sophos Connect app
v. Navigate to VPN and download the install package for Windows and Sophos SSL
VPN
vi. Double-click the Sophos VPN Connect application icon after installation
vii. Import SSL configuration and connect to the Sophos Connect VPN
viii. Connect using the user's username and password (password & 6 digits from the
authenticator app)
ix. A green check indicates the user is connected
B. Process Description: Data loss prevention (BitLocker Creation & Change of PIN)
Purpose:
To prevent data loss and unauthorized access to the company's data.
Organizational Benefits
Users' data/information is safe in the event that the laptop is stolen or misplaced.
Protect the company's data and information against data breaches
Controls
ii. Once your PIN has been set, your PC will restart to save the configuration on your
PC. Once your PC restarts, you will be prompted to put in the PIN you have set, see
screenshot. Type in your correct PIN and hit Enter
iii. You will be prompted for this PIN every time you start up your PC.
As such you need to always remember this PIN, as you will not have access to your
PC without it.
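The PIN control above can be audited from PowerShell. The following is an added example, not part of the original SOP: it checks that a volume is fully encrypted, that protection is on, and that a TPM+PIN protector exists. Test-BitLockerPinCompliance is a hypothetical helper name and the sample volume is constructed; Get-BitLockerVolume is the built-in Windows cmdlet.

```powershell
# Added example: audit check for the pre-boot PIN control described above.
# Test-BitLockerPinCompliance is a hypothetical helper, not part of any product.
function Test-BitLockerPinCompliance {
    param(
        # Object shaped like the output of Get-BitLockerVolume
        [Parameter(Mandatory)] $Volume
    )
    $findings = @()

    # Protection can be "Off" while the disk is still encrypted (suspended state).
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is not On (suspended or never enabled)'
    }
    # Encryption in progress or partially decrypted volumes are not yet protected.
    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "Volume status is '$($Volume.VolumeStatus)', expected FullyEncrypted"
    }
    # A TPM-only protector unlocks silently at boot; the SOP requires a PIN prompt.
    $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    if (-not ($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })) {
        $findings += 'No TPM+PIN protector: the PC starts without asking for a PIN'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Constructed sample: encrypted laptop where only the TPM protector was configured.
$sample = [pscustomobject]@{
    MountPoint       = 'C:'
    ProtectionStatus = 'On'
    VolumeStatus     = 'FullyEncrypted'
    KeyProtector     = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
    )
}
Test-BitLockerPinCompliance -Volume $sample   # Compliant = False, one finding

# On a real endpoint, from an elevated PowerShell session:
# Test-BitLockerPinCompliance -Volume (Get-BitLockerVolume -MountPoint $env:SystemDrive)
```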
Change of PIN
iv. Navigate to the “This PC” icon on your computer and double click
Purpose:
To prevent data loss through the use of peripherals such as USB, disk and cloud storage platforms
Organizational Benefits
Duly completed User Access Form must be approved by the Confederal/Unit Head,
Divisional Head, Head of Internal Control, and the Chief Information Security Officer.
Submitted forms must be duly archived for future reference.
Systems must have the Sophos anti-malware protection.
Procedures:
i. Navigate and log on to Sophos Central
ii. Navigate to Policies and click on peripheral
iii. From the policies/peripheral control exemption, select the computer user you want
to exempt and move it to the assigned computers
Peripheral Exemptions
Click the Peripheral Exemptions fold-out if you want to exempt individual peripherals from
the control settings or apply less restrictive controls.
Select a peripheral.
Purpose:
To avoid the lateral movement of malware from compromised systems to other network nodes in the
enterprise network
Organizational Benefits
Alerts are received from Sophos Central about the presence of potentially unwanted applications
(PUA) in a given system
Alerts are analyzed before isolation.
Procedures:
Isolation is an essential feature for cutting a device off from the network to stop the spread of malware or
to investigate cases that threaten the entire network’s security. Isolated devices can still be managed and
un-isolated at any time from Sophos Central.
From the Endpoint/Server Protection interface, select Computer/Server and then select the computer or
server you want to isolate. Click Isolation.
After you click Isolation, a window will appear to confirm the reason the device is being isolated. Then
click Isolation again.
Purpose
To monitor security incidents and events around the Active Directory and to correlate log data
from different devices to detect complex attack patterns and advanced persistent threats.
Organizational Benefits
Keep logs of users’ activity
Provides security visibility and audit trails for forensic investigation purposes
Controls
Organization’s servers must be configured to join the domain.
A distribution server must be configured within the infrastructure for quick access to the
Log360 cloud solution
Cloud agents must be running to poll events and incidents from the cloud.
Procedures:
I. Configure Log360 Cloud Agent
To sync Log360 Cloud with the Log360 Cloud Agent, you will have to obtain the security access key of
Log360 Cloud and enter it in the Log360 Cloud Agent installation.
To obtain the security access key of Log360 Cloud, follow the steps given below.
To enter the access key in the Log360 Agent console, follow the steps given below.
If you have not downloaded the Log360 Cloud Agent already, please download it first.
Run the Log360CloudAgent.msi file. An installation wizard will begin.
Follow the steps given in the installation wizard to start the installation.
On starting the installation, you will be prompted for an Access Key. Enter the access key that
was obtained from Log360 Cloud and click OK.
On completing the installation, data synchronization will begin, and Log360 Cloud Agent will start
pushing logs to the cloud.
Log in to Log360 Cloud and navigate to Settings → Admin Settings → Threat Management.
Enable the Default Threat Server and Advanced Threat Analytics options.
Now the threat feeds have been enabled.