Professional Documents
Culture Documents
Cyber Security and Security Training
Cyber Security and Security Training
Issue # 02
NISHAT MILLS LIMITED 09/02/2022
Factory Security Manual
CYBER SECURITY
Cybersecurity is the activity or process that focuses on protecting computers, networks, programs, and data
from unintended or unauthorized access, change or destruction. It is the process of identifying, analyzing,
assessing, and communicating a cyber-related risk and accepting, avoiding, transferring, or mitigating it to an
acceptable level, considering costs and benefits taken.
We are committed for comprehensive and documented cyber security policy to protect IT systems with
identify and resolve threats. Policy is reviewed and updated annually.
IT systems have taken following security measures:
1-Password Protection
2-Email
3-Personnel
BLOCKING
To block specific users from using specific servers, or to block access to the following TCP/IP or UDP based
services including:
1. Email (POP and SMTP)
2. Web browsing (HTTP)
3. News (NNTP)
4. Telnet
5. FTP
In order to block network games (e.g. Doom and Quake) and customized protocols (e.g. IRC and Point Cast), we
have the ability to block or disrupt sessions based on the protocol being used, the origin or destination address,
the URL, or the content. We can block by rule or in real-time in response to an alert. When a session matches the
conditions of a rule, we can also define an action that will dynamically build a new rule to block future sessions
with these properties, or terminate a session when an intrusion is detected or a company security policy is
violated.
Passwords are an important aspect of computer security. They are the front line of protection for
user accounts. A poorly chosen password may result harmful for company and user data all the users are
responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. The
purpose of this policy is to establish a standard for creation of strong passwords, the protection of those
passwords, and the frequency of change. As per this password policy user account information at NML is
password-protected for privacy and security.
SCOPE
The scope of this policy includes all personnel who have or are responsible for an account (or any form of access
that supports or requires a password) on any system that resides at NML
USER RIGHTS
We have assigned rights to each user on database level. User cannot enter, update or delete data records unless
he has the specified rights.
GENERAL
All system-level passwords (e.g., root, enable, NT admin, application administrator user accounts, email
administrator accounts etc.) must be changed on at least a quarterly basis.
All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every three
months. The recommended change interval is every 15 days.
User accounts that have system-level privileges granted through group account or programs such as "oracle"
must have a unique password from all other accounts held by that user.
Passwords must not be inserted into email messages or other forms of electronic communication.
All user-level and system-level passwords must conform to the guidelines described below.
2) VISITORS/OUTSIDERS
3) All kind of visitors, auditors, contractors, consultants who are not directly employed by the Nishat will not be
allowed to access company electronic computerized database to comply with the complete IT security
measures.
QAD/PLPM/01
Issue # 02
NISHAT MILLS LIMITED 09/02/2022
Factory Security Manual