
Information Security

Standard Operating Procedure

Procedure #: 1
Version: 1.0
Effective Date: --/---/2023
Contact: CISO
Email: itsecurity@custodianplc.com.ng
Phone: +234 (01) 277 4000-9


TABLE OF CONTENTS

1.0 Introduction
2.0 Purpose
3.0 Information security Organogram
3.0 Security Operations
4.0 Security Monitoring


1.0 Introduction
The Standard Operating Procedure (SOP) on Information Security provides steps and
standardized procedures for the management of information security within the department.

2.0 Purpose
The main aim of the information security department’s standard operating procedure is to outline a
detailed set of instructions for activities. This ensures that tasks are performed in a predictable way,
which reduces risk and ensures stability.

3.0 Information security Organogram

[Organogram: Chief Information Security Officer (CISO/DPO); Head, Security Operations & Monitoring; Head, Security Architecture & Engineering; Head, Governance Risk & Compliance; Cybersecurity Analyst]

• Information security operations and Monitoring
• Information security architecture and Engineering
• Governance Risk and Compliance (GRC)
• Cybersecurity analyst

3.0 Security Operations


A. Process Description: Access Management (VPN Assignment & Set-Up (Sophos))

Purpose:
To configure VPN access for users and grant permission to access critical business applications while
working remotely.

Organizational Benefits

• Ability to access critical business applications in a safe and secure manner via the public
internet.
• Prevent external attackers from intercepting network traffic while using the public
internet.
• Protect the network from unauthorized users or intruders.

Controls

• Duly completed User Access Form must be approved by the Confederal/Unit Head,
Divisional Head, Head of Internal Control and the Chief Information Security Officer.
• Submitted forms must be duly archived for future reference.

Procedures:
How to set up Sophos VPN

Once your user account has been set up for MFA, you will need to download the Sophos
Authenticator app to your mobile phone (from the iOS or Android store). The app logo is shown
below.

Next, go to the URL below to access your Sophos user portal:

• https://10.200.2.2/ for users in the office
• https://80.248.14.55/ for users working remotely.

i. Sign in with your PC username and password.

ii. Once you have logged in, a screen will appear with a QR code. You will be asked to
scan the QR code with the app downloaded on your mobile phone, as shown in the
image below.

iii. In your app, you will also see the option to scan the QR code. Select the option and
scan the QR code and you are all set!

iv. You will see a screen on your Authenticator app like the screenshot below, displaying
the OTP you will use for subsequent logons to the user portal & Sophos Connect app.

v. Navigate to VPN and download the install package for Windows and Sophos SSL
VPN.

vi. Double-click the Sophos VPN Connect application icon after installation.

vii. Import the SSL configuration and connect to the Sophos Connect VPN.

viii. Connect using the user's username and password (password & 6 digits from the
authenticator app).

ix. A green check indicates that the user is connected.

B. Process Description: Data loss prevention (BitLocker Creation & Change of PIN)

Purpose:
To prevent data loss and unauthorized access to the company’s data.

Organizational Benefits

• Users’ data/information is safe in the event that the laptop is stolen or misplaced.
• Protect the company’s data and information against data breaches.

Controls

• Laptops are encrypted during onboarding with a state-of-the-art encryption mechanism.
• Encryption keys are centrally managed in the event of a forgotten or wrong PIN.

Procedures
BitLocker Setup:
i. Once your PC has been configured for Device Encryption, you will get a pop-up page
asking you to set your encryption PIN. See screenshot below. Type in your desired
PIN in line with the specifications displayed in the image.

ii. Once your PIN has been set, your PC will restart to save the configuration on your
PC. Once your PC restarts, you will be prompted to put in the PIN you have set (see
screenshot). Type in your correct PIN and hit Enter.

iii. You will be prompted for this PIN every time you start up your PC.
As such you need to always remember this PIN, as you will not have access to your
PC without it.

Change of PIN
iv. Navigate to the “This PC” icon on your computer and double-click it.

v. Right-click on “Windows (C:)” and click on Manage BitLocker.
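
A check for the two controls in this section, as an added example that is not part of the original SOP. It assumes the start-up PIN is a TPM+PIN key protector and that a recovery password protector is what gets escrowed centrally; the function name Test-OsVolumeEncryption is hypothetical.

```powershell
# Added example (not part of the SOP): audit the OS volume against the two
# controls in section B. Run from an elevated PowerShell session.
# Assumptions: the start-up PIN is a TPM+PIN protector, and a recovery
# password protector is the key that is escrowed centrally.
function Test-OsVolumeEncryption {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # Names of the key protectors present, e.g. TpmPin, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $findings = @()

    # Control 1: the laptop is encrypted and protection is active
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    if ($types -notcontains 'TpmPin') {
        $findings += 'No TPM+PIN protector found: no start-up PIN is enforced'
    }

    # Control 2: a recovery protector exists for forgotten or wrong PINs
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector: nothing to recover with'
    }

    # Report protector types only; the recovery password itself is never printed
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $types -join ', '
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-OsVolumeEncryption | Format-List
```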

C. Process Description: Data loss Prevention (Peripheral Exemption)

Purpose:

To prevent data loss through the use of peripherals such as USB, disk and cloud storage platforms.

Organizational Benefits

• Prevent unauthorized access to user’s personal data/information
• Prevent unauthorized access to company’s data/information

Controls

• Duly completed User Access Form must be approved by the Confederal/Unit Head,
Divisional Head, Head of Internal Control, and the Chief Information Security Officer.
• Submitted forms must be duly archived for future reference.
• Systems must have the Sophos anti-malware protection.
Procedures:
i. Navigate and log on to Sophos Central.

ii. Navigate to Policies and click on Peripheral.

iii. From the policies/peripheral control exemption, select the computer user you want
to exempt and move it to the assigned computers.

Peripheral Exemptions
• Click the Peripheral Exemptions fold-out if you want to exempt individual peripherals from
the control settings or apply less restrictive controls.
• Click Add Exemptions.
• In the Add Peripheral Exemptions dialog, you see a list of detected peripherals.
• Select a peripheral.
• Click Add Exemption(s).

D. Process Description: Threat Prevention (Isolating affected systems)

Purpose:
To avoid the lateral movement of malware from compromised systems to other network nodes in the
enterprise network

Organizational Benefits

• Threats are contained
• Threats are contained and the impact is minimized

Controls

• Alerts are received from Sophos Central on the presence of potentially unwanted applications
(PUA) in a given system.
• Alerts are analyzed before isolation.

Procedures:

Isolation is an essential feature that cuts a device off from the network to avoid the spread of malware or
to investigate cases that threaten the entire network’s security. Isolated devices can still be managed and
un-isolated at any time from Sophos Central.

From the Endpoint/Server Protection interface, select Computer/Server and select the computer or
server you want to isolate. Click Isolation.
A window will appear asking you to confirm the reason the device is being isolated. Click Isolation
again.

The system is now isolated.

4.0 Security Monitoring

A. Process Description: Security incident & Event Management (Log360 SIEM)

Purpose
To monitor security incidents and events around the Active Directory, and to correlate log data
from different devices to detect complex attack patterns and advanced persistent threats.

Organizational Benefits
• Keep logs of user activity
• Provides security visibility and audit trails for forensic investigation purposes

Controls
• The organization’s servers must be configured to join the domain.
• A distribution server must be configured within the infrastructure for quick access to the
Log360 cloud solution.
• Cloud agents must be running to poll events and incidents from the cloud.

Procedures:
i. Configure Log360 Cloud Agent

To sync Log360 Cloud with the Log360 Cloud Agent, you will have to obtain the security access key of
Log360 Cloud and enter it in the Log360 Cloud Agent installation.

To obtain the security access key of Log360 Cloud, follow the steps given below.

• Open Log360 Cloud and select the Settings tab.
• Then navigate to Log360 Cloud Agent under Admin Settings.
• The access key will be available in Step 3 of the page.

To enter the access key in the Log360 Agent console, follow the steps given below.

• If you have not downloaded the Log360 Cloud Agent already, please download it first.
• Run the Log360CloudAgent.msi file. An installation wizard will begin.
• Follow the steps given in the installation wizard to start the installation.
• On starting the installation, you will be prompted for an Access Key. Enter the access key that
was obtained from Log360 Cloud and click OK.
• Now the installation will be completed.

On completing the installation, data synchronization will begin, and Log360 Cloud Agent will start
pushing logs to the cloud.

ii. Configure advanced threat analytics

• Log in to Log360 Cloud and navigate to Settings → Admin Settings → Threat Management.
• Enable the Default Threat Server and Advanced Threat Analytics options.
• Now the threat feeds have been enabled.
