SlideShare a Scribd company logo

SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx

Download as DOCX, PDF
K
kenjordan97598

Section x IS Security Policies mm/dd/yy -Effective mm/dd/yy -Revised Policy x.xx Physical Access Information Services -Author Introduction Technical support staff, security administrators, system administrators, and others may have Information Resource physical facility access requirements as part of their function. The granting, controlling, and monitoring of the physical access to Information Resources facilities is extremely important to an overall security program. Purpose The purpose of the [AGENCY] Physical Access Policy is to establish the rules for the granting, control, monitoring, and removal of physical access to Information Resource facilities. Audience The [AGENCY] Physical Access Policy applies to all individuals within the [AGENCY] enterprise that are responsible for the installation and support of Information Resources, individuals charged with Information Resources Security, and data owners. Definitions Information Resources (IR): any and all computer printouts, online display devices, magnetic storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Information Services (IS): The name of the agency department responsible for computers, networking and data management. Physical Access Policy · All physical security systems must comply with applicable all applicable regulations such as, but not limited to, building codes and fire prevention codes. · Physical access to all Information Resources restricted facilities must be documented and managed. · All IR facilities must be physically protected in proportion to the criticality or importance of their function at [AGENCY]. · Access to Information Resources facilities must be granted only to [AGENCY] support personnel, and contractors, whose job responsibilities require access to that facility. · The process for granting card and/or key access to Information Resources facilities must include the approval of the person responsible for the facility. · Each individual that is granted access rights to an Information Resources facility must receive emergency procedures training for the facility and must sign the appropriate access and non-disclosure agreements. · Requests for access must come from the applicable [AGENCY] .

Education
1 of 7
Section x IS Security Policies mm/dd/yy -Effective mm/dd/yy -Revised Policy x.xx Physical Access Information Services -Author Introduction Technical support staff, security administrators, system administrators, and others may have Information Resource physical facility access requirements as part of their function. The granting, controlling, and monitoring of the physical access to Information Resources facilities is extremely important to an overall security program. Purpose The purpose of the [AGENCY] Physical Access Policy is to establish the rules for the granting, control, monitoring, and removal of physical access to Information Resource facilities. Audience The [AGENCY] Physical Access Policy applies to all individuals within the [AGENCY] enterprise that are responsible for the installation and support of Information Resources, individuals charged with Information Resources Security, and data owners. Definitions Information Resources (IR): any and all computer printouts,
online display devices, magnetic storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Information Services (IS): The name of the agency department responsible for computers, networking and data management. Physical Access Policy · All physical security systems must comply with applicable all applicable regulations such as, but not limited to, building codes and fire prevention codes. · Physical access to all Information Resources restricted facilities must be documented and managed. · All IR facilities must be physically protected in proportion to the criticality or importance of their function at [AGENCY]. · Access to Information Resources facilities must be granted only to [AGENCY] support personnel, and contractors, whose job responsibilities require access to that facility. · The process for granting card and/or key access to Information Resources facilities must include the approval of the person responsible for the facility. · Each individual that is granted access rights to an Information Resources facility must receive emergency procedures training for the facility and must sign the appropriate access and non-
disclosure agreements. · Requests for access must come from the applicable [AGENCY] data/system owner. · Access cards and/or keys must not be shared or loaned to others. · Access cards and/or keys that are no longer required must be returned to the person responsible for the Information Resources facility. Cards must not be reallocated to another individual bypassing the return process. · Lost or stolen access cards and/or keys must be reported to the person responsible for the Information Resources facility. · Cards and/or keys must not have identifying information other than a return mail address. · All Information Resources facilities that allow access to visitors will track visitor access with a sign in/out log. · A service charge may be assessed for access cards and/or keys that are lost, stolen or are not returned. · Card access records and visitor logs for Information Resources facilities must be kept for routine review based upon the criticality of the Information Resources being protected. · The person responsible for the Information Resources facility must remove the card and/or key access rights of individuals that change roles within [AGENCY] or are separated from their relationship with [AGENCY] Physical Access Policy, continued · Visitors must be escorted in card access controlled areas of Information Resources facilities. · The person responsible for the Information Resources facility must review access records and visitor logs for the facility on a periodic basis and investigate any unusual access. · The person responsible for the Information Resources facility must review card and/or key access rights for the facility on a periodic basis and remove access for individuals that no longer require access.
· Signage for restricted access rooms and locations must be practical, yet minimal discernible evidence of the importance of the location should be displayed. Disciplinary Actions Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [AGENCY] Information Resources access privileges, civil, and criminal prosecution. Supporting InformationThis Security Policy is supported by the following Security Policy Standards Reference # Policy Standard detail 1 IR Security controls must not be bypassed or disabled. 2 Security awareness of personnel must be continually emphasized, reinforced, updated and validated. 3 All personnel are responsible for managing their use of IR and are accountable for their actions relating to IR security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.
4 Passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), and other computer systems security procedures and devices shall be protected by the individual user from use by, or disclosure to, any other individual or organization. All security violations shall be reported to the custodian or owner department management. Supporting Information, continuedThis Security Policy is supported by the following Security Policy Standards Reference # Policy Standard detail 5 Access to, change to, and use of IR must be strictly secured. Information access authority for each user must be reviewed on a regular basis, as well as each job status change such as: a transfer, promotion, demotion, or termination of service. 8 Allcomputer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property. 9 On termination of the relationship with the agency users must surrender all property and IR managed by the agency. All security policies for IR apply to and remain in force in the event of a terminated relationship until such surrender is made. Further, this policy survives the terminated relationship. 16
Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled. 19 IR computer systems and/or associated equipment used for agency business that is conducted and managed outside of agency control must meet contractual requirements and be subject to monitoring. References Copyright Act of 1976 Foreign Corrupt Practices Act of 1977 Computer Fraud and Abuse Act of 1986 Computer Security Act of 1987 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) The State of Texas Information Act Texas Government Code, Section 441 Texas Administrative Code, Chapter 202 IRM Act, 2054.075(b) The State of Texas Penal Code, Chapters 33 and 33A DIR Practices for Protecting Information Resources Assets DIR Standards Review and Recommendations Publications physical_access_policy Page 2 of 4 Revised 6/7/02
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx

Recommended

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
ssuser06c4a6
 
Group 10 - PDPA II.pptx
Group 10 - PDPA II.pptxGroup 10 - PDPA II.pptx
Group 10 - PDPA II.pptx
Suthaesh Ramash
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
#TheFraudTube
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
nephtalie
 
R.a 1
R.a 1R.a 1
R.a 1
jenito21
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
jenito21
 
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docxABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
SALU18
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_Policy
Mrinal Dutta
 

Recommended

IT Network Security Policy
IT Network Security PolicyIT Network Security Policy
IT Network Security Policy
ssuser06c4a6
 
Group 10 - PDPA II.pptx
Group 10 - PDPA II.pptxGroup 10 - PDPA II.pptx
Group 10 - PDPA II.pptx
Suthaesh Ramash
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
#TheFraudTube
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
nephtalie
 
R.a 1
R.a 1R.a 1
R.a 1
jenito21
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
jenito21
 
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docxABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
ABC Healthcare LimitedIncidence Response Policy1. Purpose. T.docx
SALU18
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_Policy
Mrinal Dutta
 
A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
rajsriinfotek1
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
Roy Biakpara, MSc.,CISA,CISSP,CISM,ISO27KLA
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
Demand Metric
 
Cyber_Management_Issues.pdf
Cyber_Management_Issues.pdfCyber_Management_Issues.pdf
Cyber_Management_Issues.pdf
AliAhmed675993
 
Security review using SABSA
Security review using SABSASecurity review using SABSA
Security review using SABSA
Maganathin Veeraragaloo
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagement
shivanishuks
 
Capstone Finished Presentation.doc
Capstone Finished Presentation.docCapstone Finished Presentation.doc
Capstone Finished Presentation.doc
Kapricia Morris
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)
ITNet
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
AlleneMcclendon878
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access polic
ARIV4
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
bradleyl2
 
Security policy
Security policySecurity policy
Security policy
Chaitanya Mutyala
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
Kapricia Morris
 
Absolute Software Governance-Risk-Compliance
Absolute Software Governance-Risk-ComplianceAbsolute Software Governance-Risk-Compliance
Absolute Software Governance-Risk-Compliance
Sébastien Roques
 
Absolute grc-
Absolute grc-Absolute grc-
Absolute grc-
Sébastien Roques
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
CitiusTech
 
Malta Gaming Memo - Acumum Legal & Advisory
Malta Gaming Memo - Acumum Legal & AdvisoryMalta Gaming Memo - Acumum Legal & Advisory
Malta Gaming Memo - Acumum Legal & Advisory
Acumum - Legal & Advisory
 
Access control policy
Access control policyAccess control policy
Access control policy
Bsmah Fahad
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 
You are the Nursing Director for the medical-surgical area of a .docx
You are the Nursing Director for the medical-surgical area of a .docxYou are the Nursing Director for the medical-surgical area of a .docx
You are the Nursing Director for the medical-surgical area of a .docx
kenjordan97598
 
You are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docxYou are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docx
kenjordan97598
 

More Related Content

Similar to SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx

What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
Capstone Finished Presentation.doc
Capstone Finished Presentation.docCapstone Finished Presentation.doc
Capstone Finished Presentation.doc
Kapricia Morris
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
AlleneMcclendon878
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 

Similar to SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx (20)

A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
A Complete Guide to Managing the Legal and Ethical Environment of Surveillanc...
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
 
Cyber_Management_Issues.pdf
Cyber_Management_Issues.pdfCyber_Management_Issues.pdf
Cyber_Management_Issues.pdf
 
Security review using SABSA
Security review using SABSASecurity review using SABSA
Security review using SABSA
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagement
 
Capstone Finished Presentation.doc
Capstone Finished Presentation.docCapstone Finished Presentation.doc
Capstone Finished Presentation.doc
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access polic
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
 
Security policy
Security policySecurity policy
Security policy
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
 
Absolute Software Governance-Risk-Compliance
Absolute Software Governance-Risk-ComplianceAbsolute Software Governance-Risk-Compliance
Absolute Software Governance-Risk-Compliance
 
Absolute grc-
Absolute grc-Absolute grc-
Absolute grc-
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
Malta Gaming Memo - Acumum Legal & Advisory
Malta Gaming Memo - Acumum Legal & AdvisoryMalta Gaming Memo - Acumum Legal & Advisory
Malta Gaming Memo - Acumum Legal & Advisory
 
Access control policy
Access control policyAccess control policy
Access control policy
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 

More from kenjordan97598

You are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docxYou are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docx
kenjordan97598
 
You are the new Security Manager for a small bank in Iowa. They are .docx
You are the new Security Manager for a small bank in Iowa. They are .docxYou are the new Security Manager for a small bank in Iowa. They are .docx
You are the new Security Manager for a small bank in Iowa. They are .docx
kenjordan97598
 
You are working in a rural Family Planning Health clinic and a 16 y.docx
You are working in a rural Family Planning Health clinic and a 16 y.docxYou are working in a rural Family Planning Health clinic and a 16 y.docx
You are working in a rural Family Planning Health clinic and a 16 y.docx
kenjordan97598
 
You are working for the Chief of Staff (CoS) for a newly elected Gov.docx
You are working for the Chief of Staff (CoS) for a newly elected Gov.docxYou are working for the Chief of Staff (CoS) for a newly elected Gov.docx
You are working for the Chief of Staff (CoS) for a newly elected Gov.docx
kenjordan97598
 
You are working at Johnson and Cohen law firm and have recently .docx
You are working at Johnson and Cohen law firm and have recently .docxYou are working at Johnson and Cohen law firm and have recently .docx
You are working at Johnson and Cohen law firm and have recently .docx
kenjordan97598
 
You are working as HelpDesk Support for an organization where your u.docx
You are working as HelpDesk Support for an organization where your u.docxYou are working as HelpDesk Support for an organization where your u.docx
You are working as HelpDesk Support for an organization where your u.docx
kenjordan97598
 
You are working as an APRN in your local primary care office. Th.docx
You are working as an APRN in your local primary care office. Th.docxYou are working as an APRN in your local primary care office. Th.docx
You are working as an APRN in your local primary care office. Th.docx
kenjordan97598
 
You are the new Public Information Officer (PIO) assigned by the.docx
You are the new Public Information Officer (PIO) assigned by the.docxYou are the new Public Information Officer (PIO) assigned by the.docx
You are the new Public Information Officer (PIO) assigned by the.docx
kenjordan97598
 
You are welcome to go to the San Diego Zoo any time you would li.docx
You are welcome to go to the San Diego Zoo any time you would li.docxYou are welcome to go to the San Diego Zoo any time you would li.docx
You are welcome to go to the San Diego Zoo any time you would li.docx
kenjordan97598
 
You are to write a 1050 to 1750 word literature review (in a.docx
You are to write a 1050 to 1750 word literature review (in a.docxYou are to write a 1050 to 1750 word literature review (in a.docx
You are to write a 1050 to 1750 word literature review (in a.docx
kenjordan97598
 
You are to use a topic for the question you chose.WORD REQUIRE.docx
You are to use a topic for the question you chose.WORD REQUIRE.docxYou are to use a topic for the question you chose.WORD REQUIRE.docx
You are to use a topic for the question you chose.WORD REQUIRE.docx
kenjordan97598
 

More from kenjordan97598 (20)

You are the Nursing Director for the medical-surgical area of a .docx
You are the Nursing Director for the medical-surgical area of a .docxYou are the Nursing Director for the medical-surgical area of a .docx
You are the Nursing Director for the medical-surgical area of a .docx
 
You are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docxYou are the newly appointed director of the Agile County Airport.docx
You are the newly appointed director of the Agile County Airport.docx
 
You are working on an address book database with a table called Cont.docx
You are working on an address book database with a table called Cont.docxYou are working on an address book database with a table called Cont.docx
You are working on an address book database with a table called Cont.docx
 
You are the new Security Manager for a small bank in Iowa. They are .docx
You are the new Security Manager for a small bank in Iowa. They are .docxYou are the new Security Manager for a small bank in Iowa. They are .docx
You are the new Security Manager for a small bank in Iowa. They are .docx
 
You are working in a rural Family Planning Health clinic and a 16 y.docx
You are working in a rural Family Planning Health clinic and a 16 y.docxYou are working in a rural Family Planning Health clinic and a 16 y.docx
You are working in a rural Family Planning Health clinic and a 16 y.docx
 
You are working in a family practice when your newly diagnosed T.docx
You are working in a family practice when your newly diagnosed T.docxYou are working in a family practice when your newly diagnosed T.docx
You are working in a family practice when your newly diagnosed T.docx
 
You are working for the Chief of Staff (CoS) for a newly elected Gov.docx
You are working for the Chief of Staff (CoS) for a newly elected Gov.docxYou are working for the Chief of Staff (CoS) for a newly elected Gov.docx
You are working for the Chief of Staff (CoS) for a newly elected Gov.docx
 
You are working at Johnson and Cohen law firm and have recently .docx
You are working at Johnson and Cohen law firm and have recently .docxYou are working at Johnson and Cohen law firm and have recently .docx
You are working at Johnson and Cohen law firm and have recently .docx
 
You are working for a community counseling agency, and you are taske.docx
You are working for a community counseling agency, and you are taske.docxYou are working for a community counseling agency, and you are taske.docx
You are working for a community counseling agency, and you are taske.docx
 
You are working as the software tester for a big enterprise comp.docx
You are working as the software tester for a big enterprise comp.docxYou are working as the software tester for a big enterprise comp.docx
You are working as the software tester for a big enterprise comp.docx
 
You are working as HelpDesk Support for an organization where your u.docx
You are working as HelpDesk Support for an organization where your u.docxYou are working as HelpDesk Support for an organization where your u.docx
You are working as HelpDesk Support for an organization where your u.docx
 
You are working as an APRN in your local primary care office. Th.docx
You are working as an APRN in your local primary care office. Th.docxYou are working as an APRN in your local primary care office. Th.docx
You are working as an APRN in your local primary care office. Th.docx
 
You are the new Public Information Officer (PIO) assigned by the.docx
You are the new Public Information Officer (PIO) assigned by the.docxYou are the new Public Information Officer (PIO) assigned by the.docx
You are the new Public Information Officer (PIO) assigned by the.docx
 
You are welcome to go to the San Diego Zoo any time you would li.docx
You are welcome to go to the San Diego Zoo any time you would li.docxYou are welcome to go to the San Diego Zoo any time you would li.docx
You are welcome to go to the San Diego Zoo any time you would li.docx
 
You are visiting one of your organization’s plants in a poor nation..docx
You are visiting one of your organization’s plants in a poor nation..docxYou are visiting one of your organization’s plants in a poor nation..docx
You are visiting one of your organization’s plants in a poor nation..docx
 
You are to write a four-page (typed, double-spaced) essay addressing.docx
You are to write a four-page (typed, double-spaced) essay addressing.docxYou are to write a four-page (typed, double-spaced) essay addressing.docx
You are to write a four-page (typed, double-spaced) essay addressing.docx
 
You are to write a 7-page Biographical Research Paper of St Franci.docx
You are to write a 7-page Biographical Research Paper of St Franci.docxYou are to write a 7-page Biographical Research Paper of St Franci.docx
You are to write a 7-page Biographical Research Paper of St Franci.docx
 
You are to write a 1050 to 1750 word literature review (in a.docx
You are to write a 1050 to 1750 word literature review (in a.docxYou are to write a 1050 to 1750 word literature review (in a.docx
You are to write a 1050 to 1750 word literature review (in a.docx
 
You are to take the uploaded assignment and edit it. The title shoul.docx
You are to take the uploaded assignment and edit it. The title shoul.docxYou are to take the uploaded assignment and edit it. The title shoul.docx
You are to take the uploaded assignment and edit it. The title shoul.docx
 
You are to use a topic for the question you chose.WORD REQUIRE.docx
You are to use a topic for the question you chose.WORD REQUIRE.docxYou are to use a topic for the question you chose.WORD REQUIRE.docx
You are to use a topic for the question you chose.WORD REQUIRE.docx
 

Recently uploaded

Recently uploaded (20)

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 

SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx

  • 1. Section x IS Security Policies mm/dd/yy -Effective mm/dd/yy -Revised Policy x.xx Physical Access Information Services -Author Introduction Technical support staff, security administrators, system administrators, and others may have Information Resource physical facility access requirements as part of their function. The granting, controlling, and monitoring of the physical access to Information Resources facilities is extremely important to an overall security program. Purpose The purpose of the [AGENCY] Physical Access Policy is to establish the rules for the granting, control, monitoring, and removal of physical access to Information Resource facilities. Audience The [AGENCY] Physical Access Policy applies to all individuals within the [AGENCY] enterprise that are responsible for the installation and support of Information Resources, individuals charged with Information Resources Security, and data owners. Definitions Information Resources (IR): any and all computer printouts,
  • 2. online display devices, magnetic storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Information Services (IS): The name of the agency department responsible for computers, networking and data management. Physical Access Policy · All physical security systems must comply with applicable all applicable regulations such as, but not limited to, building codes and fire prevention codes. · Physical access to all Information Resources restricted facilities must be documented and managed. · All IR facilities must be physically protected in proportion to the criticality or importance of their function at [AGENCY]. · Access to Information Resources facilities must be granted only to [AGENCY] support personnel, and contractors, whose job responsibilities require access to that facility. · The process for granting card and/or key access to Information Resources facilities must include the approval of the person responsible for the facility. · Each individual that is granted access rights to an Information Resources facility must receive emergency procedures training for the facility and must sign the appropriate access and non-
  • 3. disclosure agreements. · Requests for access must come from the applicable [AGENCY] data/system owner. · Access cards and/or keys must not be shared or loaned to others. · Access cards and/or keys that are no longer required must be returned to the person responsible for the Information Resources facility. Cards must not be reallocated to another individual bypassing the return process. · Lost or stolen access cards and/or keys must be reported to the person responsible for the Information Resources facility. · Cards and/or keys must not have identifying information other than a return mail address. · All Information Resources facilities that allow access to visitors will track visitor access with a sign in/out log. · A service charge may be assessed for access cards and/or keys that are lost, stolen or are not returned. · Card access records and visitor logs for Information Resources facilities must be kept for routine review based upon the criticality of the Information Resources being protected. · The person responsible for the Information Resources facility must remove the card and/or key access rights of individuals that change roles within [AGENCY] or are separated from their relationship with [AGENCY] Physical Access Policy, continued · Visitors must be escorted in card access controlled areas of Information Resources facilities. · The person responsible for the Information Resources facility must review access records and visitor logs for the facility on a periodic basis and investigate any unusual access. · The person responsible for the Information Resources facility must review card and/or key access rights for the facility on a periodic basis and remove access for individuals that no longer require access.
  • 4. · Signage for restricted access rooms and locations must be practical, yet minimal discernible evidence of the importance of the location should be displayed. Disciplinary Actions Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [AGENCY] Information Resources access privileges, civil, and criminal prosecution. Supporting InformationThis Security Policy is supported by the following Security Policy Standards Reference # Policy Standard detail 1 IR Security controls must not be bypassed or disabled. 2 Security awareness of personnel must be continually emphasized, reinforced, updated and validated. 3 All personnel are responsible for managing their use of IR and are accountable for their actions relating to IR security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.
  • 5. 4 Passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), and other computer systems security procedures and devices shall be protected by the individual user from use by, or disclosure to, any other individual or organization. All security violations shall be reported to the custodian or owner department management. Supporting Information, continuedThis Security Policy is supported by the following Security Policy Standards Reference # Policy Standard detail 5 Access to, change to, and use of IR must be strictly secured. Information access authority for each user must be reviewed on a regular basis, as well as each job status change such as: a transfer, promotion, demotion, or termination of service. 8 Allcomputer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property. 9 On termination of the relationship with the agency users must surrender all property and IR managed by the agency. All security policies for IR apply to and remain in force in the event of a terminated relationship until such surrender is made. Further, this policy survives the terminated relationship. 16
  • 6. Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled. 19 IR computer systems and/or associated equipment used for agency business that is conducted and managed outside of agency control must meet contractual requirements and be subject to monitoring. References Copyright Act of 1976 Foreign Corrupt Practices Act of 1977 Computer Fraud and Abuse Act of 1986 Computer Security Act of 1987 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) The State of Texas Information Act Texas Government Code, Section 441 Texas Administrative Code, Chapter 202 IRM Act, 2054.075(b) The State of Texas Penal Code, Chapters 33 and 33A DIR Practices for Protecting Information Resources Assets DIR Standards Review and Recommendations Publications physical_access_policy Page 2 of 4 Revised 6/7/02