SlideShare a Scribd company logo

Consensus Policy Resource CommunityRemote Access Polic

Download as DOCX, PDF
A
AlleneMcclendon878

Consensus Policy Resource Community Remote Access Policy1. Overview Remote access to our corporate network is essential to maintain our Team’s productivity, but in many cases this remote access originates from networks that may already be compromised or are at a significantly lower security posture than our corporate network. While these remote networks are beyond the control of Hypergolic Reactions, LLC policy, we must mitigate these external risks the best of our ability.2. Purpose The purpose of this policy is to define rules and requirements for connecting to <Company Name>'s network from any host. These rules and requirements are designed to minimize the potential exposure to <Company Name> from damages which may result from unauthorized use of <Company Name> resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical <Company Name> internal systems, and fines or other financial liabilities incurred as a result of those losses. 3. Scope This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>-owned or personally-owned computer or workstation used to connect to the <Company Name> network. This policy applies to remote access connections used to do work on behalf of <Company Name>, including reading or sending email and viewing intranet web resources. This policy covers any and all technical implementations of remote access used to connect to <Company Name> networks. 4. Policy It is the responsibility of <Company Name> employees, contractors, vendors and agents with remote access privileges to <Company Name>'s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to <Company Name>. General access to the Internet for recreational use through the <Company Name> network is strictly limited to <Company Name> employees, contractors, vendors and agents (hereafter referred to as “Authorized Users”). When accessing the <Company Name> network from a personal computer, Authorized Users are responsible for preventing access to any <Company Name> computer resources or data by non-Authorized Users. Performance of illegal activities through the <Company Name> network by any user (Authorized or otherwise) is prohibited. The Authorized User bears responsibility for and consequences of misuse of the Authorized User’s access. For further information and definitions, see the Acceptable Use Policy. Authorized Users will not use <Company Name> networks to access the Internet for outside business interests. For additional information regarding <Company Name>'s remote access connection options, including how to obtain a remote access login, free anti-virus software, troubleshooting, etc., go to the Remote Access Services website (company url). 4.1 Requirements 4.1.1 Secure remote access must be strictly controlled with encryption (i.e., Virt ...

Education
1 of 11
Consensus Policy Resource Community Remote Access Policy1. Overview Remote access to our corporate network is essential to maintain our Team’s productivity, but in many cases this remote access originates from networks that may already be compromised or are at a significantly lower security posture than our corporate network. While these remote networks are beyond the control of Hypergolic Reactions, LLC policy, we must mitigate these external risks the best of our ability.2. Purpose The purpose of this policy is to define rules and requirements for connecting to <Company Name>'s network from any host. These rules and requirements are designed to minimize the potential exposure to <Company Name> from damages which may result from unauthorized use of <Company Name> resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical <Company Name> internal systems, and fines or other financial liabilities incurred as a result of those losses. 3. Scope This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>- owned or personally-owned computer or workstation used to connect to the <Company Name> network. This policy applies to remote access connections used to do work on behalf of <Company Name>, including reading or sending email and viewing intranet web resources. This policy covers any and all technical implementations of remote access used to connect to <Company Name> networks. 4. Policy
It is the responsibility of <Company Name> employees, contractors, vendors and agents with remote access privileges to <Company Name>'s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to <Company Name>. General access to the Internet for recreational use through the <Company Name> network is strictly limited to <Company Name> employees, contractors, vendors and agents (hereafter referred to as “Authorized Users”). When accessing the <Company Name> network from a personal computer, Authorized Users are responsible for preventing access to any <Company Name> computer resources or data by non- Authorized Users. Performance of illegal activities through the <Company Name> network by any user (Authorized or otherwise) is prohibited. The Authorized User bears responsibility for and consequences of misuse of the Authorized User’s access. For further information and definitions, see the Acceptable Use Policy. Authorized Users will not use <Company Name> networks to access the Internet for outside business interests. For additional information regarding <Company Name>'s remote access connection options, including how to obtain a remote access login, free anti-virus software, troubleshooting, etc., go to the Remote Access Services website (company url). 4.1 Requirements 4.1.1 Secure remote access must be strictly controlled with encryption (i.e., Virtual Private Networks (VPNs)) and strong pass-phrases. For further information see the Acceptable Encryption Policy and the Password Policy. 4.1.2 Authorized Users shall protect their login and password, even from family members. 4.1.3 While using a <Company Name>-owned computer to
remotely connect to <Company Name>'s corporate network, Authorized Users shall ensure the remote host is not connected to any other network at the same time, with the exception of personal networks that are under their complete control or under the complete control of an Authorized User or Third Party. 4.1.4 Use of external resources to conduct <Company Name> business must be approved in advance by InfoSec and the appropriate business unit manager. 4.1.5 All hosts that are connected to <Company Name> internal networks via remote access technologies must use the most up- to-date anti-virus software (place url to corporate software site here), this includes personal computers. Third party connections must comply with requirements as stated in the Third Party Agreement. 4.1.6 Personal equipment used to connect to <Company Name>'s networks must meet the requirements of <Company Name>-owned equipment for remote access as stated in the Hardware and Software Configuration Standards for Remote Access to <Company Name> Networks. 5. Policy Compliance 5.1 Compliance Measurement The Infosec Team will verify compliance to this policy through various methods, including but not limited to, periodic walk- thrus, video monitoring, business tool reports, internal and external audits, and inspection, and will provide feedback to the policy owner and appropriate business unit manager. 5.2 Exceptions Any exception to the policy must be approved by Remote Access Services and the Infosec Team in advance. 5.3 Non- Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 6 Related Standards, Policies and Processes Please review the following policies for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of <Company Name>’s
network: · Acceptable Encryption Policy · Acceptable Use Policy · Password Policy · Third Party Agreement · Hardware and Software Configuration Standards for Remote Access to <Company Name> Networks 7 Revision HistoryDate of ChangeResponsibleSummary of ChangeJune 2014SANS Policy TeamUpdated and converted to new format.April 2015Christopher Jarko Added an Overview; created a group term for company employees, contractors, etc. (“Authorized Users”); strengthened the policy by explicitly limiting use of company resources to Authorized Users only; combined Requirements when possible, or eliminated Requirements better suited for a Standard (and added a reference to that Standard); consolidated list of related references to end of Policy. SANS Institute 2014 – All Rights Reserved Page 3 Consensus Policy Resource Community Employee Internet Use Monitoring and FilteringPolicy Free Use Disclaimer:This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to [email protected].
Last Update Status: Retired1. Overview See Purpose.2. Purpose The purpose of this policy is to define standards for systems that monitor and limit web use from any host within <Company Name>'s network. These standards are designed to ensure employees use the Internet in a safe and responsible manner, and ensure that employee web use can be monitored or researched during an incident. 3. Scope This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>- owned or personally-owned computer or workstation connected to the <Company Name> network. This policy applies to all end user initiated communications between <Company Name>’s network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols. Server to Server communications, such as SMTP traffic, backups, automated data transfers or database communications are excluded from this policy. 4. Policy 4.1 Web Site Monitoring The Information Technology Department shall monitor Internet use from all computers and devices connected to the corporate network. For all traffic the monitoring system must record the source IP Address, the date, the time, the protocol, and the destination site or server. Where possible, the system should record the User ID of the person or account initiating the traffic. Internet Use records must be preserved for 180 days. 4.2 Access to Web Site Monitoring Reports General trending and activity reports will be made avail able to any employee as needed upon request to the Information Technology Department. Computer Security Incident Response Team (CSIRT) members may access all reports and data if
necessary to respond to a security incident. Internet Use reports that identify specific users, sites, teams, or devices will only be made available to associates outside the CSIRT upon written or email request to Information Systems from a Human Resources Representative. 3.3 Internet Use Filtering System The Information Technology Department shall block access to Internet websites and protocols that are deemed inappropriate for <Company Name>’s corporate environment. The following protocols and categories of websites should be blocked: · Adult/Sexually Explicit Material · Advertisements & Pop-Ups · Chat and Instant Messaging · Gambling · Hacking · Illegal Drugs · Intimate Apparel and Swimwear · Peer to Peer File Sharing · Personals and Dating · Social Network Services · SPAM, Phishing and Fraud · Spyware · Tasteless and Offensive Content · Violence, Intolerance and Hate · Web Based Email 3.4 Internet Use Filtering Rule Changes The Information Technology Department shall periodically review and recommend changes to web and protocol filtering rules. Human Resources shall review these recommendations and decide if any changes are to be made. Changes to web and protocol filtering rules will be recorded in the Internet Use Monitoring and Filtering Policy. 3.5 Internet Use Filtering Exceptions
If a site is mis-categorized, employees may request the site be un-blocked by submitting a ticket to the Information Technology help desk. An IT employee will review the request and un-block the site if it is mis-categorized. Employees may access blocked sites with permission if appropriate and necessary for business purposes. If an employee needs access to a site that is blocked and appropriately categorized, they must submit a request to their Human Resources representative. HR will present all approved exception requests to Information Technology in writing or by email. Information Technology will unblock that site or category for that associate only. Information Technology will track approved exceptions and report on them upon request. 5. Policy Compliance 5.1 Compliance Measurement The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk- thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner. 5.2 Exceptions Any exception to the policy must be approved by the Infosec team in advance. 5.3 Non-Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 6 Related Standards, Policies and Processes None. 7 Definitions and Terms The following definition and terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/ · Peer to Peer File Sharing · Social Networking Services · SPAM · Phishing · Hacking8 Revision HistoryDate of
ChangeResponsibleSummary of ChangeJuly 2014SANS Policy TeamConverted to new format and retired SANS Institute 2014 – All Rights Reserved Page 1 Consensus Policy Resource Community Security Response Plan Policy Free Use Disclaimer:This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to [email protected]. Last Update Status:Updated June 20141 Overview A Security Response Plan (SRP) provides the impetus for security and business teams to integrate their efforts from the perspective of awareness and communication, as well as coordinated response in times of crisis (security vulnerability identified or exploited). Specifically, an SRP defines a product description, contact information, escalation paths, expected service level agreements (SLA), severity and impact classification, and mitigation/remediation timelines. By requiring business units to incorporate an SRP as part of their business continuity operations and as new products or services are developed and prepared for release to consumers, ensures that when an incident occurs, swift mitigation and remediation ensues. 2 Purpose The purpose of this policy is to establish the requirement that all business units supported by the Infosec team develop and maintain a security response plan. This ensures that security
incident management team has all the necessary information to formulate a successful response should a specific security incident occur. 3 Scope This policy applies any established and defined business unity or entity within the <Company Name>.Policy The development, implementation, and execution of a Security Response Plan (SRP) are the primary responsibility of the specific business unit for whom the SRP is being developed in cooperation with the Infosec Team. Business units are expected to properly facilitate the SRP for applicable to the service or products they are held accountable. The business unit security coordinator or champion is further expected to work with the <organizational information security unit> in the development and maintenance of a Security Response Plan. 4.1 Service or Product Description The product description in an SRP must clearly define the service or application to be deployed with additional attention to data flows, logical diagrams, architecture considered highly useful. 4.2 Contact Information The SRP must include contact information for dedicated team members to be available during non-business hours should an incident occur and escalation be required. This may be a 24/7 requirement depending on the defined business value of the service or product, coupled with the impact to customer. The SRP document must include all phone numbers and email addresses for the dedicated team member(s). 4.3 Triage The SRP must define triage steps to be coordinated with the security incident management team in a cooperative manner with the intended goal of swift security vulnerability mitigation. This step typically includes validating the reported vulnerability
or compromise. 4.4 Identified Mitigations and Testing The SRP must include a defined process for identifying and testing mitigations prior to deployment. These details should include both short-term mitigations as well as the remediation process. 4.5 Mitigation and Remediation Timelines The SRP must include levels of response to identified vulnerabilities that define the expected timelines for repair based on severity and impact to consumer, brand, and company. These response guidelines should be carefully mapped to level of severity determined for the reported vulnerability. 5 Policy Compliance 5.1 Compliance Measurement Each business unit must be able to demonstrate they have a written SRP in place, and that it is under version control and is available via the web. The policy should be reviewed annually. 5.2 Exceptions Any exception to this policy must be approved by the Infosec Team in advance and have a written record. 5.3 Non-Compliance Any business unit found to have violated (no SRP developed prior to service or product deployment) this policy may be subject to delays in service or product release until such a time as the SRP is developed and approved. Responsible parties may be subject to disciplinary action, up to and including termination of employment, should a security incident occur in the absence of an SRP6 Related Standards, Policies and Processes None. 7 Definitions and Terms None.8 Revision HistoryDate of ChangeResponsibleSummary of ChangeJune 2014SANS Policy TeamUpdated and converted to
new format. SANS Institute 2014 – All Rights Reserved Page 3

Recommended

POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓNPOLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓNLuis Antonio Bustillos López
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Rules of Behavior
Rules of BehaviorRules of Behavior
Rules of BehaviorGovCloud Network
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Risk Management of Email and Internet Use in the Workplace by John.docx
Risk Management of Email and Internet Use in the Workplace by John.docxRisk Management of Email and Internet Use in the Workplace by John.docx
Risk Management of Email and Internet Use in the Workplace by John.docxhealdkathaleen
 

Recommended

POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓNPOLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓNLuis Antonio Bustillos López
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Rules of Behavior
Rules of BehaviorRules of Behavior
Rules of BehaviorGovCloud Network
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Risk Management of Email and Internet Use in the Workplace by John.docx
Risk Management of Email and Internet Use in the Workplace by John.docxRisk Management of Email and Internet Use in the Workplace by John.docx
Risk Management of Email and Internet Use in the Workplace by John.docxhealdkathaleen
 
A)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docxA)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docxronak56
 
IT Policy
IT PolicyIT Policy
IT PolicySensewareInfomedia
 
Acceptable Use Policy
Acceptable Use PolicyAcceptable Use Policy
Acceptable Use PolicyChase Hubbard
 
Internet usage policy(1)
Internet usage policy(1)Internet usage policy(1)
Internet usage policy(1)scobycakau
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policyssuser06c4a6
 
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxCSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxmydrynan
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatLyndonPelletier761
 
Sec440: Server Malware Protection Policy
Sec440: Server Malware Protection PolicySec440: Server Malware Protection Policy
Sec440: Server Malware Protection PolicyThomas Christopher Ty
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone FinishedKapricia Morris
 
Access control policy
Access control policyAccess control policy
Access control policyBsmah Fahad
 
Advanced Solutions For Website Compliance
Advanced Solutions For Website ComplianceAdvanced Solutions For Website Compliance
Advanced Solutions For Website ComplianceADA Site Compliance
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239#TheFraudTube
 
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docxDeveloping a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docxlynettearnold46882
 
Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)Matthew Charles
 
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docxRunning head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docxjeanettehully
 
BYOD
BYODBYOD
BYODR. Curtis Roth
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 
Explain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docxExplain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docxAlleneMcclendon878
 
Explain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docxExplain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docxAlleneMcclendon878
 

More Related Content

Similar to Consensus Policy Resource CommunityRemote Access Polic

A)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docxA)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docxronak56
 
Acceptable Use Policy
Acceptable Use PolicyAcceptable Use Policy
Acceptable Use PolicyChase Hubbard
 
Internet usage policy(1)
Internet usage policy(1)Internet usage policy(1)
Internet usage policy(1)scobycakau
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policyssuser06c4a6
 
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxCSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxmydrynan
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatLyndonPelletier761
 
Sec440: Server Malware Protection Policy
Sec440: Server Malware Protection PolicySec440: Server Malware Protection Policy
Sec440: Server Malware Protection PolicyThomas Christopher Ty
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Access control policy
Access control policyAccess control policy
Access control policyBsmah Fahad
 
Advanced Solutions For Website Compliance
Advanced Solutions For Website ComplianceAdvanced Solutions For Website Compliance
Advanced Solutions For Website ComplianceADA Site Compliance
 
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docxDeveloping a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docxlynettearnold46882
 
Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)Matthew Charles
 
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docxRunning head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docxjeanettehully
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 

Similar to Consensus Policy Resource CommunityRemote Access Polic (20)

A)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docxA)  Richman Investments requires the enforcement of strict ingre.docx
A)  Richman Investments requires the enforcement of strict ingre.docx
 
IT Policy
IT PolicyIT Policy
IT Policy
 
Acceptable Use Policy
Acceptable Use PolicyAcceptable Use Policy
Acceptable Use Policy
 
Internet usage policy(1)
Internet usage policy(1)Internet usage policy(1)
Internet usage policy(1)
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
 
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxCSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relat
 
Sec440: Server Malware Protection Policy
Sec440: Server Malware Protection PolicySec440: Server Malware Protection Policy
Sec440: Server Malware Protection Policy
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
 
Access control policy
Access control policyAccess control policy
Access control policy
 
Advanced Solutions For Website Compliance
Advanced Solutions For Website ComplianceAdvanced Solutions For Website Compliance
Advanced Solutions For Website Compliance
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
 
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docxDeveloping a VPN Policy and EnforcingVPN Best PracticesEnt.docx
Developing a VPN Policy and EnforcingVPN Best PracticesEnt.docx
 
Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)Internet Policy Final Project (Group 6)
Internet Policy Final Project (Group 6)
 
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docxRunning head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
Running head THE NETWORK INFASTRUCTURE OF JETS INC1THE NETWORK.docx
 
BYOD
BYODBYOD
BYOD
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
 

More from AlleneMcclendon878

Explain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docxExplain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docxAlleneMcclendon878
 
Explain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docxExplain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docxAlleneMcclendon878
 
Explain the degree to which media portrayal of crime relates to publ.docx
Explain the degree to which media portrayal of crime relates to publ.docxExplain the degree to which media portrayal of crime relates to publ.docx
Explain the degree to which media portrayal of crime relates to publ.docxAlleneMcclendon878
 
Explain the difference between genotype and phenotype. Give an examp.docx
Explain the difference between genotype and phenotype. Give an examp.docxExplain the difference between genotype and phenotype. Give an examp.docx
Explain the difference between genotype and phenotype. Give an examp.docxAlleneMcclendon878
 
Explain the history behind the Black Soldier of the Civil War In t.docx
Explain the history behind the Black Soldier of the Civil War In t.docxExplain the history behind the Black Soldier of the Civil War In t.docx
Explain the history behind the Black Soldier of the Civil War In t.docxAlleneMcclendon878
 
Explain the fundamental reasons why brands do not exist in isolation.docx
Explain the fundamental reasons why brands do not exist in isolation.docxExplain the fundamental reasons why brands do not exist in isolation.docx
Explain the fundamental reasons why brands do not exist in isolation.docxAlleneMcclendon878
 
Explain the difference between hypothetical and categorical imperati.docx
Explain the difference between hypothetical and categorical imperati.docxExplain the difference between hypothetical and categorical imperati.docx
Explain the difference between hypothetical and categorical imperati.docxAlleneMcclendon878
 
Explain in 100 words provide exampleThe capital budgeting decisi.docx
Explain in 100 words provide exampleThe capital budgeting decisi.docxExplain in 100 words provide exampleThe capital budgeting decisi.docx
Explain in 100 words provide exampleThe capital budgeting decisi.docxAlleneMcclendon878
 
Explain how Supreme Court decisions influenced the evolution of the .docx
Explain how Supreme Court decisions influenced the evolution of the .docxExplain how Supreme Court decisions influenced the evolution of the .docx
Explain how Supreme Court decisions influenced the evolution of the .docxAlleneMcclendon878
 
Explain how an offender is classified according to risk when he or s.docx
Explain how an offender is classified according to risk when he or s.docxExplain how an offender is classified according to risk when he or s.docx
Explain how an offender is classified according to risk when he or s.docxAlleneMcclendon878
 
Explain a lesson plan. Describe the different types of information.docx
Explain a lesson plan. Describe the different types of information.docxExplain a lesson plan. Describe the different types of information.docx
Explain a lesson plan. Describe the different types of information.docxAlleneMcclendon878
 
explain the different roles of basic and applied researchdescribe .docx
explain the different roles of basic and applied researchdescribe .docxexplain the different roles of basic and applied researchdescribe .docx
explain the different roles of basic and applied researchdescribe .docxAlleneMcclendon878
 
Explain the basics of inspirational and emotion-provoking communicat.docx
Explain the basics of inspirational and emotion-provoking communicat.docxExplain the basics of inspirational and emotion-provoking communicat.docx
Explain the basics of inspirational and emotion-provoking communicat.docxAlleneMcclendon878
 
Explain how leaders develop through self-awareness and self-discipli.docx
Explain how leaders develop through self-awareness and self-discipli.docxExplain how leaders develop through self-awareness and self-discipli.docx
Explain how leaders develop through self-awareness and self-discipli.docxAlleneMcclendon878
 
Explain five ways that you can maintain professionalism in the meeti.docx
Explain five ways that you can maintain professionalism in the meeti.docxExplain five ways that you can maintain professionalism in the meeti.docx
Explain five ways that you can maintain professionalism in the meeti.docxAlleneMcclendon878
 
Explain security awareness and its importance.Your response should.docx
Explain security awareness and its importance.Your response should.docxExplain security awareness and its importance.Your response should.docx
Explain security awareness and its importance.Your response should.docxAlleneMcclendon878
 
Experimental Design AssignmentYou were given an Aedesaegyp.docx
Experimental Design AssignmentYou were given an Aedesaegyp.docxExperimental Design AssignmentYou were given an Aedesaegyp.docx
Experimental Design AssignmentYou were given an Aedesaegyp.docxAlleneMcclendon878
 
Expand your website plan.Select at least three interactive fea.docx
Expand your website plan.Select at least three interactive fea.docxExpand your website plan.Select at least three interactive fea.docx
Expand your website plan.Select at least three interactive fea.docxAlleneMcclendon878
 
Exercise 7 Use el pronombre y la forma correcta del verbo._.docx
Exercise 7 Use el pronombre y la forma correcta del verbo._.docxExercise 7 Use el pronombre y la forma correcta del verbo._.docx
Exercise 7 Use el pronombre y la forma correcta del verbo._.docxAlleneMcclendon878
 
Exercise 21-8 (Part Level Submission)The following facts pertain.docx
Exercise 21-8 (Part Level Submission)The following facts pertain.docxExercise 21-8 (Part Level Submission)The following facts pertain.docx
Exercise 21-8 (Part Level Submission)The following facts pertain.docxAlleneMcclendon878
 

More from AlleneMcclendon878 (20)

Explain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docxExplain in your own words why it is important to read a statistical .docx
Explain in your own words why it is important to read a statistical .docx
 
Explain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docxExplain how Matthew editedchanged Marks Gospel for each of the fol.docx
Explain how Matthew editedchanged Marks Gospel for each of the fol.docx
 
Explain the degree to which media portrayal of crime relates to publ.docx
Explain the degree to which media portrayal of crime relates to publ.docxExplain the degree to which media portrayal of crime relates to publ.docx
Explain the degree to which media portrayal of crime relates to publ.docx
 
Explain the difference between genotype and phenotype. Give an examp.docx
Explain the difference between genotype and phenotype. Give an examp.docxExplain the difference between genotype and phenotype. Give an examp.docx
Explain the difference between genotype and phenotype. Give an examp.docx
 
Explain the history behind the Black Soldier of the Civil War In t.docx
Explain the history behind the Black Soldier of the Civil War In t.docxExplain the history behind the Black Soldier of the Civil War In t.docx
Explain the history behind the Black Soldier of the Civil War In t.docx
 
Explain the fundamental reasons why brands do not exist in isolation.docx
Explain the fundamental reasons why brands do not exist in isolation.docxExplain the fundamental reasons why brands do not exist in isolation.docx
Explain the fundamental reasons why brands do not exist in isolation.docx
 
Explain the difference between hypothetical and categorical imperati.docx
Explain the difference between hypothetical and categorical imperati.docxExplain the difference between hypothetical and categorical imperati.docx
Explain the difference between hypothetical and categorical imperati.docx
 
Explain in 100 words provide exampleThe capital budgeting decisi.docx
Explain in 100 words provide exampleThe capital budgeting decisi.docxExplain in 100 words provide exampleThe capital budgeting decisi.docx
Explain in 100 words provide exampleThe capital budgeting decisi.docx
 
Explain how Supreme Court decisions influenced the evolution of the .docx
Explain how Supreme Court decisions influenced the evolution of the .docxExplain how Supreme Court decisions influenced the evolution of the .docx
Explain how Supreme Court decisions influenced the evolution of the .docx
 
Explain how an offender is classified according to risk when he or s.docx
Explain how an offender is classified according to risk when he or s.docxExplain how an offender is classified according to risk when he or s.docx
Explain how an offender is classified according to risk when he or s.docx
 
Explain a lesson plan. Describe the different types of information.docx
Explain a lesson plan. Describe the different types of information.docxExplain a lesson plan. Describe the different types of information.docx
Explain a lesson plan. Describe the different types of information.docx
 
explain the different roles of basic and applied researchdescribe .docx
explain the different roles of basic and applied researchdescribe .docxexplain the different roles of basic and applied researchdescribe .docx
explain the different roles of basic and applied researchdescribe .docx
 
Explain the basics of inspirational and emotion-provoking communicat.docx
Explain the basics of inspirational and emotion-provoking communicat.docxExplain the basics of inspirational and emotion-provoking communicat.docx
Explain the basics of inspirational and emotion-provoking communicat.docx
 
Explain how leaders develop through self-awareness and self-discipli.docx
Explain how leaders develop through self-awareness and self-discipli.docxExplain how leaders develop through self-awareness and self-discipli.docx
Explain how leaders develop through self-awareness and self-discipli.docx
 
Explain five ways that you can maintain professionalism in the meeti.docx
Explain five ways that you can maintain professionalism in the meeti.docxExplain five ways that you can maintain professionalism in the meeti.docx
Explain five ways that you can maintain professionalism in the meeti.docx
 
Explain security awareness and its importance.Your response should.docx
Explain security awareness and its importance.Your response should.docxExplain security awareness and its importance.Your response should.docx
Explain security awareness and its importance.Your response should.docx
 
Experimental Design AssignmentYou were given an Aedesaegyp.docx
Experimental Design AssignmentYou were given an Aedesaegyp.docxExperimental Design AssignmentYou were given an Aedesaegyp.docx
Experimental Design AssignmentYou were given an Aedesaegyp.docx
 
Expand your website plan.Select at least three interactive fea.docx
Expand your website plan.Select at least three interactive fea.docxExpand your website plan.Select at least three interactive fea.docx
Expand your website plan.Select at least three interactive fea.docx
 
Exercise 7 Use el pronombre y la forma correcta del verbo._.docx
Exercise 7 Use el pronombre y la forma correcta del verbo._.docxExercise 7 Use el pronombre y la forma correcta del verbo._.docx
Exercise 7 Use el pronombre y la forma correcta del verbo._.docx
 
Exercise 21-8 (Part Level Submission)The following facts pertain.docx
Exercise 21-8 (Part Level Submission)The following facts pertain.docxExercise 21-8 (Part Level Submission)The following facts pertain.docx
Exercise 21-8 (Part Level Submission)The following facts pertain.docx
 

Recently uploaded

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 

Recently uploaded (20)

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 

Consensus Policy Resource CommunityRemote Access Polic

  • 1. Consensus Policy Resource Community Remote Access Policy1. Overview Remote access to our corporate network is essential to maintain our Team’s productivity, but in many cases this remote access originates from networks that may already be compromised or are at a significantly lower security posture than our corporate network. While these remote networks are beyond the control of Hypergolic Reactions, LLC policy, we must mitigate these external risks the best of our ability.2. Purpose The purpose of this policy is to define rules and requirements for connecting to <Company Name>'s network from any host. These rules and requirements are designed to minimize the potential exposure to <Company Name> from damages which may result from unauthorized use of <Company Name> resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical <Company Name> internal systems, and fines or other financial liabilities incurred as a result of those losses. 3. Scope This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>- owned or personally-owned computer or workstation used to connect to the <Company Name> network. This policy applies to remote access connections used to do work on behalf of <Company Name>, including reading or sending email and viewing intranet web resources. This policy covers any and all technical implementations of remote access used to connect to <Company Name> networks. 4. Policy
  • 2. It is the responsibility of <Company Name> employees, contractors, vendors and agents with remote access privileges to <Company Name>'s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to <Company Name>. General access to the Internet for recreational use through the <Company Name> network is strictly limited to <Company Name> employees, contractors, vendors and agents (hereafter referred to as “Authorized Users”). When accessing the <Company Name> network from a personal computer, Authorized Users are responsible for preventing access to any <Company Name> computer resources or data by non- Authorized Users. Performance of illegal activities through the <Company Name> network by any user (Authorized or otherwise) is prohibited. The Authorized User bears responsibility for and consequences of misuse of the Authorized User’s access. For further information and definitions, see the Acceptable Use Policy. Authorized Users will not use <Company Name> networks to access the Internet for outside business interests. For additional information regarding <Company Name>'s remote access connection options, including how to obtain a remote access login, free anti-virus software, troubleshooting, etc., go to the Remote Access Services website (company url). 4.1 Requirements 4.1.1 Secure remote access must be strictly controlled with encryption (i.e., Virtual Private Networks (VPNs)) and strong pass-phrases. For further information see the Acceptable Encryption Policy and the Password Policy. 4.1.2 Authorized Users shall protect their login and password, even from family members. 4.1.3 While using a <Company Name>-owned computer to
  • 3. remotely connect to <Company Name>'s corporate network, Authorized Users shall ensure the remote host is not connected to any other network at the same time, with the exception of personal networks that are under their complete control or under the complete control of an Authorized User or Third Party. 4.1.4 Use of external resources to conduct <Company Name> business must be approved in advance by InfoSec and the appropriate business unit manager. 4.1.5 All hosts that are connected to <Company Name> internal networks via remote access technologies must use the most up- to-date anti-virus software (place url to corporate software site here), this includes personal computers. Third party connections must comply with requirements as stated in the Third Party Agreement. 4.1.6 Personal equipment used to connect to <Company Name>'s networks must meet the requirements of <Company Name>-owned equipment for remote access as stated in the Hardware and Software Configuration Standards for Remote Access to <Company Name> Networks. 5. Policy Compliance 5.1 Compliance Measurement The Infosec Team will verify compliance to this policy through various methods, including but not limited to, periodic walk- thrus, video monitoring, business tool reports, internal and external audits, and inspection, and will provide feedback to the policy owner and appropriate business unit manager. 5.2 Exceptions Any exception to the policy must be approved by Remote Access Services and the Infosec Team in advance. 5.3 Non- Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 6 Related Standards, Policies and Processes Please review the following policies for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of <Company Name>’s
  • 4. network: · Acceptable Encryption Policy · Acceptable Use Policy · Password Policy · Third Party Agreement · Hardware and Software Configuration Standards for Remote Access to <Company Name> Networks 7 Revision HistoryDate of ChangeResponsibleSummary of ChangeJune 2014SANS Policy TeamUpdated and converted to new format.April 2015Christopher Jarko Added an Overview; created a group term for company employees, contractors, etc. (“Authorized Users”); strengthened the policy by explicitly limiting use of company resources to Authorized Users only; combined Requirements when possible, or eliminated Requirements better suited for a Standard (and added a reference to that Standard); consolidated list of related references to end of Policy. SANS Institute 2014 – All Rights Reserved Page 3 Consensus Policy Resource Community Employee Internet Use Monitoring and FilteringPolicy Free Use Disclaimer:This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to [email protected].
  • 5. Last Update Status: Retired1. Overview See Purpose.2. Purpose The purpose of this policy is to define standards for systems that monitor and limit web use from any host within <Company Name>'s network. These standards are designed to ensure employees use the Internet in a safe and responsible manner, and ensure that employee web use can be monitored or researched during an incident. 3. Scope This policy applies to all <Company Name> employees, contractors, vendors and agents with a <Company Name>- owned or personally-owned computer or workstation connected to the <Company Name> network. This policy applies to all end user initiated communications between <Company Name>’s network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols. Server to Server communications, such as SMTP traffic, backups, automated data transfers or database communications are excluded from this policy. 4. Policy 4.1 Web Site Monitoring The Information Technology Department shall monitor Internet use from all computers and devices connected to the corporate network. For all traffic the monitoring system must record the source IP Address, the date, the time, the protocol, and the destination site or server. Where possible, the system should record the User ID of the person or account initiating the traffic. Internet Use records must be preserved for 180 days. 4.2 Access to Web Site Monitoring Reports General trending and activity reports will be made avail able to any employee as needed upon request to the Information Technology Department. Computer Security Incident Response Team (CSIRT) members may access all reports and data if
  • 6. necessary to respond to a security incident. Internet Use reports that identify specific users, sites, teams, or devices will only be made available to associates outside the CSIRT upon written or email request to Information Systems from a Human Resources Representative. 3.3 Internet Use Filtering System The Information Technology Department shall block access to Internet websites and protocols that are deemed inappropriate for <Company Name>’s corporate environment. The following protocols and categories of websites should be blocked: · Adult/Sexually Explicit Material · Advertisements & Pop-Ups · Chat and Instant Messaging · Gambling · Hacking · Illegal Drugs · Intimate Apparel and Swimwear · Peer to Peer File Sharing · Personals and Dating · Social Network Services · SPAM, Phishing and Fraud · Spyware · Tasteless and Offensive Content · Violence, Intolerance and Hate · Web Based Email 3.4 Internet Use Filtering Rule Changes The Information Technology Department shall periodically review and recommend changes to web and protocol filtering rules. Human Resources shall review these recommendations and decide if any changes are to be made. Changes to web and protocol filtering rules will be recorded in the Internet Use Monitoring and Filtering Policy. 3.5 Internet Use Filtering Exceptions
  • 7. If a site is mis-categorized, employees may request the site be un-blocked by submitting a ticket to the Information Technology help desk. An IT employee will review the request and un-block the site if it is mis-categorized. Employees may access blocked sites with permission if appropriate and necessary for business purposes. If an employee needs access to a site that is blocked and appropriately categorized, they must submit a request to their Human Resources representative. HR will present all approved exception requests to Information Technology in writing or by email. Information Technology will unblock that site or category for that associate only. Information Technology will track approved exceptions and report on them upon request. 5. Policy Compliance 5.1 Compliance Measurement The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk- thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner. 5.2 Exceptions Any exception to the policy must be approved by the Infosec team in advance. 5.3 Non-Compliance An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 6 Related Standards, Policies and Processes None. 7 Definitions and Terms The following definition and terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/ · Peer to Peer File Sharing · Social Networking Services · SPAM · Phishing · Hacking8 Revision HistoryDate of
  • 8. ChangeResponsibleSummary of ChangeJuly 2014SANS Policy TeamConverted to new format and retired SANS Institute 2014 – All Rights Reserved Page 1 Consensus Policy Resource Community Security Response Plan Policy Free Use Disclaimer:This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to [email protected]. Last Update Status:Updated June 20141 Overview A Security Response Plan (SRP) provides the impetus for security and business teams to integrate their efforts from the perspective of awareness and communication, as well as coordinated response in times of crisis (security vulnerability identified or exploited). Specifically, an SRP defines a product description, contact information, escalation paths, expected service level agreements (SLA), severity and impact classification, and mitigation/remediation timelines. By requiring business units to incorporate an SRP as part of their business continuity operations and as new products or services are developed and prepared for release to consumers, ensures that when an incident occurs, swift mitigation and remediation ensues. 2 Purpose The purpose of this policy is to establish the requirement that all business units supported by the Infosec team develop and maintain a security response plan. This ensures that security
  • 9. incident management team has all the necessary information to formulate a successful response should a specific security incident occur. 3 Scope This policy applies any established and defined business unity or entity within the <Company Name>.Policy The development, implementation, and execution of a Security Response Plan (SRP) are the primary responsibility of the specific business unit for whom the SRP is being developed in cooperation with the Infosec Team. Business units are expected to properly facilitate the SRP for applicable to the service or products they are held accountable. The business unit security coordinator or champion is further expected to work with the <organizational information security unit> in the development and maintenance of a Security Response Plan. 4.1 Service or Product Description The product description in an SRP must clearly define the service or application to be deployed with additional attention to data flows, logical diagrams, architecture considered highly useful. 4.2 Contact Information The SRP must include contact information for dedicated team members to be available during non-business hours should an incident occur and escalation be required. This may be a 24/7 requirement depending on the defined business value of the service or product, coupled with the impact to customer. The SRP document must include all phone numbers and email addresses for the dedicated team member(s). 4.3 Triage The SRP must define triage steps to be coordinated with the security incident management team in a cooperative manner with the intended goal of swift security vulnerability mitigation. This step typically includes validating the reported vulnerability
  • 10. or compromise. 4.4 Identified Mitigations and Testing The SRP must include a defined process for identifying and testing mitigations prior to deployment. These details should include both short-term mitigations as well as the remediation process. 4.5 Mitigation and Remediation Timelines The SRP must include levels of response to identified vulnerabilities that define the expected timelines for repair based on severity and impact to consumer, brand, and company. These response guidelines should be carefully mapped to level of severity determined for the reported vulnerability. 5 Policy Compliance 5.1 Compliance Measurement Each business unit must be able to demonstrate they have a written SRP in place, and that it is under version control and is available via the web. The policy should be reviewed annually. 5.2 Exceptions Any exception to this policy must be approved by the Infosec Team in advance and have a written record. 5.3 Non-Compliance Any business unit found to have violated (no SRP developed prior to service or product deployment) this policy may be subject to delays in service or product release until such a time as the SRP is developed and approved. Responsible parties may be subject to disciplinary action, up to and including termination of employment, should a security incident occur in the absence of an SRP6 Related Standards, Policies and Processes None. 7 Definitions and Terms None.8 Revision HistoryDate of ChangeResponsibleSummary of ChangeJune 2014SANS Policy TeamUpdated and converted to
  • 11. new format. SANS Institute 2014 – All Rights Reserved Page 3