team 8 policy library

Upload: yasir-r-khan
Post on 13-Sep-2015

Cynthia Holden, Ricardo Lau, Hira Faheemen

The senior management of Globex Corporation formed a cross-functional team comprised of personnel from the financial, legal, human resources, marketing, and information technology organizations of Globex to address the concern of Globex potentially losing governmentally regulated company data. As the Globex team was uncertain of how to implement a risk assessment plan, Team 8 Consultants was hired and charged with identifying strategic areas of improvement for the company's information security program. Globex's senior management tasked the internal team and Team 8 Consultants with the following:

- Determining the Swiss privacy regulations
- Identifying the current information security controls
- Assessing the risk of data loss within Globex
- Developing a plan to mitigate any information security control gaps

In order to assess Globex's current state of information security, Team 8 Consultants performed an information security risk assessment and relied on the cross-functional team to supply documentation and complete questionnaires. Both the Globex team and Team 8 Consultants agree it is the responsibility of Globex to preserve the confidentiality, integrity, and availability of proprietary company and customer data. From the data gathering efforts, Team 8 Consultants identified several opportunities to decrease Globex's risk of losing regulated data, incurring expensive legal costs, and damaging Globex's corporate image.

Some high-risk information security items identified by Team 8 Consultants include:

- Malicious hacker attacks
- Improper internal access to sensitive data
- Unaccountable company assets

To combat the aforementioned high-risk items, Team 8 Consultants recommends the prompt implementation of the following policies:

- Information Technology Network Security Policy
- Data Access Policy
- Asset Management Policy

The following policies are also important to strengthen Globex's overall information security posture, but postponing their implementation will not increase Globex's currently known risks. Those policies include:

- System/Application Domain Policy
- Telecommunication Policy
- Remote Access Policy
- Incident Response Policy
- Security Awareness and Education Policy
- Acceptable Use Policy
- Physical Security Policy

Globex Corporation Policy Library

Table of Contents

Document Number | Document Type | Document Title                               | Page Number
----------------|---------------|----------------------------------------------|------------
POL-001         | Policy        | Information Technology Network Policy        | 3
GDL-001         | Guideline     | Information Technology Network Guidelines    | 4
POL-002         | Policy        | Data Access Policy                           | 5
GDL-002         | Guideline     | Data Access Guidelines                       | 6
POL-003         | Policy        | Asset Management Policy                      | 7
GDL-003         | Guideline     | Asset Management Guidelines                  | 8

POL-001: Information Technology (IT) Network Security Policy

001.1 Justification

Threats to Globex Corporation's information technology network from external or internal forces may hinder Globex Corporation's ability to preserve the confidentiality, integrity, and availability of Globex proprietary, vendor-owned, and customer data. The implementation of the IT network security policy is an administrative control designed to mitigate the risk that vulnerabilities in Globex Corporation's IT network are exploited.

001.2 Scope

Compliance with the Globex IT Network Security Policy is applicable to the following:

- All full/part-time, intern, and seasonal employees of Globex Corporation
- All internal and external vendors, including contractors and managed service providers
- All telecommunication and information technology devices which interface with the network
- All software applications connected to the network

001.3 Policy Statement

Security controls must be in place to protect Globex Corporation's IT network and the information technology systems that depend on it. Access to Globex Corporation's IT network must be controlled and managed to help ensure the confidentiality, integrity, and availability of Globex Corporation's information assets.

The control owners and their responsibilities are:

- The CISO is responsible for the development and maintenance of the IT network security policy
- The IT network administrators are responsible for network patching activities, firewall maintenance, and server updates

001.4 Enforcement

The following are responsible for the enforcement of the IT network security policy:

- Globex IT network administrators are responsible for monitoring, investigating, and reporting violations to management
- Management, in concert with human resources and the legal group, will determine the appropriate consequences for network security policy noncompliance by employees and internal vendors
- The CEO and CIO will determine the ramifications for external vendors in noncompliance with the IT network security policy

Failure to comply with the IT network security policy may result in employment termination and/or legal proceedings.

001.5 Revision History

November 16, 2013: Initial document

001.6 Definition

IT Network Administrator: Sets up the network infrastructure of the company, secures the network, and maintains and monitors network flows.

001.7 Reference

Information Technology Network Security Guideline

GDL-001 Information Technology Network Security Guidelines

1. All devices connected to the company network must be equipped with firewalls and antivirus software.
2. All device firewalls should follow the standard firewall configuration set by the network administrator.
3. Network monitoring is in place to detect irregular activities and intrusion attempts.
4. All devices will have periodic (once per month) security scans to detect any existing vulnerabilities.
5. Any incident found on a device is to be reported to the network administrator. The administrator will then report to management.
6. Company-owned devices are for work-related activities only.
7. Inappropriate use of the network is prohibited. Inappropriate use includes unreasonable consumption of network resources and the interception or modification of network data.
8. Downloaded software must be authorized before use.

POL-002 Data Access Policy

002.1 Justification

Unauthorized and superfluous access to Globex Corporation's proprietary and customer data exposes Globex Corporation to the risk of unauthorized disclosure of sensitive data. The unauthorized disclosure of sensitive data poses the risk of legal action, financial cost, and damage to Globex's reputation from negative media attention. The data access policy is an administrative control to mitigate the risk of unauthorized disclosure and inappropriate use of sensitive data in Globex Corporation's possession.

002.2 Scope

Compliance with the Globex Data Access Policy is applicable to the following:

- All full/part-time, intern, and seasonal employees of Globex Corporation
- All internal and external vendors, including contractors and managed service providers
- All telecommunication and information technology devices used to access Globex proprietary and customer data
- All software and databases which store data and are utilized to perform Globex business

002.3 Policy Statement

Protection of Globex Corporation data is imperative for the continuation of company business. It is the responsibility of all persons employed by and doing business with Globex Corporation to maintain the confidentiality, integrity, and availability of sensitive data.

To prevent improper access to Globex data, the following administrative and technical controls are implemented:

- The CISO is responsible for developing and maintaining the data access policy
- Management is responsible for approving requests for data access based on the least privilege principle
- Human resources will vet all potential employees and confirm signed acknowledgement of non-disclosure agreements
- Information security administrators will implement firewalls in the network to prohibit dissemination of data outside of the company
- The information security group will establish encryption protocols to hinder the usage of sensitive data hacked or leaked from the company

002.4 Enforcement

The following are responsible for the enforcement of the data access policy:

- Globex information security administrators are responsible for monitoring, investigating, and reporting violations to management
- Globex management is responsible for performing yearly audits to review user access rights and quarterly audits for users with access to highly sensitive data
- Management, in concert with human resources and the legal group, will determine the appropriate consequences for data access policy noncompliance by employees

Failure to comply with the data access policy may result in employment termination and/or legal proceedings.

002.5 Revision History

November 18, 2013: Initial document

002.6 Definition

Not Applicable

002.7 Reference

Data Access Guideline

GDL-002 Data Access Guidelines

1. The policy's aim is to secure the confidentiality of company data. It is not designed to hinder business activities.
2. Every login username is unique. Passwords are required to have at least eight characters and to contain a mixture of numbers, letters, and special symbols.
3. Personal login information must be kept secret and must not be stored in the working area.
4. An access request form must be filed prior to access being granted.
5. Contact the data administrator for any data-related problem encountered.
6. Report any suspicious data activity.
7. Data files must be labeled with their sensitivity level and protected with appropriate security measures.
8. User data access rights must be reviewed periodically and changed where appropriate.
9. Users are prohibited from viewing data beyond their access level.
10. User access rights must be removed after employment termination.
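The data access controls above (the password rule in GDL-002 item 2, the yearly and quarterly access reviews in 002.4, and removal of rights on termination in item 10) are stated as policy; the script below is an added example, not Globex's or Team 8 Consultants' code, of how an information security administrator could turn them into a repeatable audit check. The review cadence (365 days for standard data, 90 days for highly sensitive data), the user names, and the dataset names are assumptions constructed for the example.

```python
"""Audit helper for the GDL-002 data access guidelines (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
import string

# Review cadence assumed from POL-002 section 002.4: yearly for all users,
# quarterly for users with access to highly sensitive data.
REVIEW_INTERVAL_DAYS = {"standard": 365, "highly_sensitive": 90}


def password_meets_guideline(password: str) -> bool:
    """GDL-002 item 2: at least eight characters, and letters, numbers and
    special symbols must all be present."""
    if len(password) < 8:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return has_letter and has_digit and has_symbol


@dataclass
class AccessGrant:
    """One row of the access register (hypothetical structure)."""
    username: str
    dataset: str
    sensitivity: str          # "standard" or "highly_sensitive"
    last_reviewed: date
    employed: bool = True


def overdue_reviews(grants, today: date):
    """Return grants whose last review is older than the cadence for their
    sensitivity level (002.4)."""
    overdue = []
    for g in grants:
        limit = timedelta(days=REVIEW_INTERVAL_DAYS[g.sensitivity])
        if today - g.last_reviewed > limit:
            overdue.append(g)
    return overdue


def revoke_terminated(grants):
    """GDL-002 item 10: rights of terminated staff are removed. Returns the
    grants that remain active."""
    return [g for g in grants if g.employed]


# Constructed sample register; names and datasets are hypothetical.
SAMPLE_GRANTS = [
    AccessGrant("alice", "customer_pii", "highly_sensitive", date(2013, 6, 1)),
    AccessGrant("bob", "marketing_stats", "standard", date(2013, 1, 15)),
    AccessGrant("carol", "payroll", "highly_sensitive", date(2013, 10, 1), employed=False),
    AccessGrant("dave", "hr_records", "standard", date(2012, 10, 1)),
]


def audit_report(grants=SAMPLE_GRANTS, today: date = date(2013, 11, 18)):
    """Apply the termination rule first, then flag reviews that are overdue
    for the accounts that remain."""
    active = revoke_terminated(grants)
    overdue = overdue_reviews(active, today)
    return {
        "revoked": sorted(g.username for g in grants if not g.employed),
        "overdue": sorted(f"{g.username}:{g.dataset}" for g in overdue),
    }


if __name__ == "__main__":
    for pw in ("Gl0bex!2013", "password", "12345678!"):
        print(pw, "->", "ok" if password_meets_guideline(pw) else "rejected")
    print(audit_report())
```

Running the register through the check revokes carol's grant before any review is considered, flags alice because a highly sensitive grant has gone 170 days without review, flags dave because a standard grant has passed the yearly mark, and leaves bob alone because the 307 days since his last review are still within the yearly cadence.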

POL-003: Asset Management Policy

003.1 Justification

This policy is designed to support the implementation of internal inventory control procedures, asset management processes, and general tracking of the company's computer assets, and to save the cost of purchasing new items.

003.2 Scope

This policy is applicable to:

- all property, as defined in this policy, owned or controlled by the asset management department
- all employees of the company
- all vendors to whom the department has delegated property asset management responsibilities

003.3 Policy Statement

To properly maintain assets, employees should utilize assets with care and consideration, and only in the manner for which they are intended. Assets should be used in support of the company's business and should not be used for a personal business or commercial enterprise.

003.4 Enforcement

The asset management department is responsible for enforcing this policy. If an asset registered under the name of an employee is lost or stolen, that employee is responsible for replacing it or covering its cost.

003.5 Revision History

November 19, 2013: Initial document

003.6 Definition

Cost: The original cost, expressed in dollars and cents, computed as the total of the following:

    purchase price
  + trade-in value
  + installation costs
  + freight charges
  - cash, commercial, or volume discounts
  = original cost

003.7 Asset Management Guideline

GDL-003 Asset Management Guidelines

1. Make a register of current assets, their original cost, annual depreciation, maintenance costs, and expected disposal costs.
2. Determine which assets need to be secured.
3. Develop separate plans for each step of the asset management cycle.
4. Create budgets for each department's asset management plan.
