SlideShare a Scribd company logo

IT Network Security Policy

S
ssuser06c4a6

Prepared by Sultan AL-Fassal

Education
1 of 17
Download to read offline
IT NETWORK SECURITY POLICY Executive Summary This policy defines the controls applied to the Trust’s IT network to help ensure the confidentiality, integrity and availability of information which flows over it, to ensure compliance with the Data Protection Act and the Information Governance Toolkit.
Definitions computer network – refers to physical (i.e. pc plugged into wall port) and wireless (wifi) networks, and all supporting infrastructure. Purpose The purpose of this Policy is to set out the process to be used to enable staff to use the network in a responsible and appropriate way, including: Understanding their responsibilities when accessing the network Understanding the possible implications and risk/possible damage to the organization's reputation of using the network inappropriately.
Scope This policy applies to all Networks used for:  The storage, sharing and transmission of official and non- official data and images  Printing or scanning non-official or official data or images  The provision of Internet systems for receiving, sending and storing non- official or official data or images  Ensure the protection of the network from unauthorised access, and protect information from unauthorised disclosure and accidental modification.  Ensure the accuracy and completeness of the organisation's IT assets
Information Security Manager Responsibility Information security managers are responsible for protecting their organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. Risk Assessment The Information Security Manager, working in conjunction with the Network Manager, will be responsible for risk assessing, and reporting upon, the Trust’s network. Risk assessments will be conducted on the network annually, the scope of the risk assessment will change depending on which area of the network requires assessing.
Physical and Environmental Security  Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive Network equipment will be housed in an environment that is monitored for temperature, humidity and power supply quality.  All public network facing firewalls will be accredited to Common Criteria EAL4 / Protection Profile compliant as a minimum.  All unused network ports will be unpatched to minimise the likelihood of unauthorized equipment being connected to the network.  Areas which are controlled with secure key-code locks will be periodically changed, following a compromise of code or when a member of staff leaves.  Critical or sensitive Network equipment will be protected from power supply failures.
 Critical or sensitive Network equipment will be protected by intruder alarms and/or CCTV and fire suppression systems.  Smoking, eating and drinking is forbidden in areas housing critical or sensitive Network equipment.  All visitors to secure Network areas must be authorised by a senior member of the IT department.  All visitors to secure Network areas must be made aware of Network security requirements.  All visitors to secure Network areas must be logged in and out. The log will contain name, organization, purpose of visit, date, and time in and out.  The Information Security Manager will ensure that all relevant staff are made aware of procedures for visitors and that visitors are escorted, when necessary.  The Information Security Manager / Network manager will receive, and action, Cyber Security ‘CareCERT’ recommendations where applicable
ACCESS TO SECURE NETWORK AREAS – TRUST STAFF The trust will ensure that Access to secure network areas is restricted to staff who require access to the area. Accesses to secure areas are regularly reviewed and ensure that the list is accurate and up to date.
Logical Access to Network – All Staff  All access to the network must be via a secure log-on procedure, designed to minimize the opportunity for unauthorized access.  Ensure a formal registration and de-registration procedure to access the network, with line manager authorization.  User access rights (as configured in Active Directory) will be removed or reviewed when a user leaves the organization or changes job upon notification from the HR department.
 Security privileges must be granted to those that require the access. This access is limited to trust Staff whose role requires them to have System Administrative access.  All users must have an individual user identification (username) and password.  Users are responsible for ensuring that their username and password is kept safe.  Generic/shared user identification and password will only be granted with a justifiable business requirement and must be only used for the purpose they have been created for. Approval can be sought from the IAO, Deputy Director of IM&T, or the Information Security Manager.  All users must conform to the Acceptable Use Policy.
Third Party Access To The Network THIRD PARTY ACCESS TO THE NETWORK WILL BASED ON A FORMAL CONTRACT THAT SATISFIES ALL NECESSARY, AND INFORMATION GOVERNANCE TOOLKIT SECURITY CONDITIONS ALL THIRD PARTY ACCESSES TO THE NETWORK WILL MANAGED AND LOGGED ON THE TRUST’S SERVICE DESK SYSTEM. Connections to External Networks All connections to external networks and systems conform to the wide Network Security policy, Code of Connection and supporting guidance
ACCESS VIA VPN (VIRTUAL PRIVATE NETWORK THE VPN TOKEN WILL ONLY BE ISSUED AFTER THE COMPLETION OF THE USER ACCEPTANCE FORM. COMPLETED FORMS ARE HELD BY THE IT DEPARTMENT. ACCESS WILL ONLY BE PROVIDED TO TRUST MANAGED DEVICES. ALL USERS MUST CONFORM TO THE ACCEPTABLE USE POLICY (AS IF CONNECTED TO THE LOCAL NETWORK APPROVED EMPLOYEES AND AUTHORIZED THIRD PARTIES (CUSTOMERS, VENDORS, ETC.) MAY UTILIZE THE BENEFITS OF VPNS, WHICH ARE A "USER MANAGED" SERVICE. THIS MEANS THAT THE USER IS RESPONSIBLE FOR SELECTING AN INTERNET SERVICE PROVIDER (ISP), COORDINATING INSTALLATION, INSTALLING ANY REQUIRED SOFTWARE
WIRELESS NETWORK ACCESS Access to the network wirelessly will also be in accordance with the requirement of this policy. There will also be additional access controls via certificate and radius servers
SOFTWARE INSTALLATION POLICY Not allowed to install unauthorized computer programs and software, excepted licensed by IT team including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs,
Data Backup and Restoration  The Network Manager is responsible for ensuring that:  Backup copies of Network configuration data are taken regularly.  Documented procedures for the backup process and storage of backup tapes are produced and communicated to all relevant staff.  Backup tapes are stored securely and copies stored off-site.  There are documented procedures for the safe and secure disposal of IT equipment including backup media and these procedures are communicated to all relevant staff.  The disposal of backup media follows and complies with the trust policy for decommissioning and disposal of old equipment.
REMOVABLE MEDIA ACCEPTABLE USE POLICY company Policy to prohibit the use of all removable media devices unless a valid business case for its use is provided. Prohibited Removable Media Devices Removable media devices that are prohibited without a valid business case include, but are not restricted, to the following: DVD’s Bluetooth Device Media Card e.g. SD/XD External Hard Drives USB Memory Sticks (also known as pen drives or flash drives) Embedded Microchips (including Smart Cards and Mobile Phone Memory Cards) MP3 Players Digital Cameras Backup Tapes Dictation Devices Floppy Disk Infrared device Tape Drive Webcam
Email/Communication Policy A company's email policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium. I have seen this policy cover email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and unacceptable use of any corporate communication technology. An example of an email policy is available

Recommended

A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Physical Security
Physical SecurityPhysical Security
Physical SecurityKriscila Yumul
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 

Recommended

A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Physical Security
Physical SecurityPhysical Security
Physical SecurityKriscila Yumul
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...Zara Nawaz
 
Seurity policy
Seurity policySeurity policy
Seurity policyHari Sarda
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small BusinessesWilkins Consulting, LLC
 
Cyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS NetworkCyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS NetworkGabriel E Ozique
 
Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practiceparves kamal
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security fieldAhmed Musaad
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
Secure physical infrastructure
Secure physical infrastructureSecure physical infrastructure
Secure physical infrastructurePallavi Agarwal
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementshivanishuks
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
security of information systems
security of information systems security of information systems
security of information systems♥♛❁Sukla♥❀njoyng Breath♥
 
Policy and procedure of hospitals
Policy and procedure of hospitalsPolicy and procedure of hospitals
Policy and procedure of hospitalsMohammed Alabdali
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 

More Related Content

What's hot

Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...Zara Nawaz
 
Seurity policy
Seurity policySeurity policy
Seurity policyHari Sarda
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small BusinessesWilkins Consulting, LLC
 
Cyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS NetworkCyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS NetworkGabriel E Ozique
 
Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practiceparves kamal
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security fieldAhmed Musaad
 
Information security[277]
Information security[277]Information security[277]
Information security[277]Timothy Warren
 
Secure physical infrastructure
Secure physical infrastructureSecure physical infrastructure
Secure physical infrastructurePallavi Agarwal
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementshivanishuks
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 

What's hot (18)

Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
 
Seurity policy
Seurity policySeurity policy
Seurity policy
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 
Cyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS NetworkCyber Risks Implementation on an IP MPLS Network
Cyber Risks Implementation on an IP MPLS Network
 
Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practice
 
Security and management
Security and managementSecurity and management
Security and management
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
 
Information security management
Information security managementInformation security management
Information security management
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security field
 
Information security[277]
Information security[277]Information security[277]
Information security[277]
 
Secure physical infrastructure
Secure physical infrastructureSecure physical infrastructure
Secure physical infrastructure
 
Shivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagementShivani shukla_B38_KnowledgeManagement
Shivani shukla_B38_KnowledgeManagement
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidents
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
 
security of information systems
security of information systems security of information systems
security of information systems
 

Similar to IT Network Security Policy

Policy and procedure of hospitals
Policy and procedure of hospitalsPolicy and procedure of hospitals
Policy and procedure of hospitalsMohammed Alabdali
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
VPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaVPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaHanaysha
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
It security
It securityIt security
It securityavi2607
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence SystemJoseph Yosi Margalit
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case studyashu6
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docxSectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docxkenjordan97598
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxwillcoxjanay
 

Similar to IT Network Security Policy (20)

Policy and procedure of hospitals
Policy and procedure of hospitalsPolicy and procedure of hospitals
Policy and procedure of hospitals
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
 
VPN security standards - Tareq Hanaysha
VPN security standards - Tareq HanayshaVPN security standards - Tareq Hanaysha
VPN security standards - Tareq Hanaysha
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
It security
It securityIt security
It security
 
Unit v
Unit vUnit v
Unit v
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
Secure Financial Intelligence System
Secure Financial Intelligence SystemSecure Financial Intelligence System
Secure Financial Intelligence System
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case study
 
Data security
Data securityData security
Data security
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
P3
P3P3
P3
 
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docxSectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx
SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
 

Recently uploaded

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

IT Network Security Policy

  • 1. IT NETWORK SECURITY POLICY Executive Summary This policy defines the controls applied to the Trust’s IT network to help ensure the confidentiality, integrity and availability of information which flows over it, to ensure compliance with the Data Protection Act and the Information Governance Toolkit.
  • 2. Definitions computer network – refers to physical (i.e. pc plugged into wall port) and wireless (wifi) networks, and all supporting infrastructure. Purpose The purpose of this Policy is to set out the process to be used to enable staff to use the network in a responsible and appropriate way, including: Understanding their responsibilities when accessing the network Understanding the possible implications and risk/possible damage to the organization's reputation of using the network inappropriately.
  • 3. Scope This policy applies to all Networks used for:  The storage, sharing and transmission of official and non- official data and images  Printing or scanning non-official or official data or images  The provision of Internet systems for receiving, sending and storing non- official or official data or images  Ensure the protection of the network from unauthorised access, and protect information from unauthorised disclosure and accidental modification.  Ensure the accuracy and completeness of the organisation's IT assets
  • 4. Information Security Manager Responsibility Information security managers are responsible for protecting their organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. Risk Assessment The Information Security Manager, working in conjunction with the Network Manager, will be responsible for risk assessing, and reporting upon, the Trust’s network. Risk assessments will be conducted on the network annually, the scope of the risk assessment will change depending on which area of the network requires assessing.
  • 5. Physical and Environmental Security  Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive Network equipment will be housed in an environment that is monitored for temperature, humidity and power supply quality.  All public network facing firewalls will be accredited to Common Criteria EAL4 / Protection Profile compliant as a minimum.  All unused network ports will be unpatched to minimise the likelihood of unauthorized equipment being connected to the network.  Areas which are controlled with secure key-code locks will be periodically changed, following a compromise of code or when a member of staff leaves.  Critical or sensitive Network equipment will be protected from power supply failures.
  • 6.  Critical or sensitive Network equipment will be protected by intruder alarms and/or CCTV and fire suppression systems.  Smoking, eating and drinking is forbidden in areas housing critical or sensitive Network equipment.  All visitors to secure Network areas must be authorised by a senior member of the IT department.  All visitors to secure Network areas must be made aware of Network security requirements.  All visitors to secure Network areas must be logged in and out. The log will contain name, organization, purpose of visit, date, and time in and out.  The Information Security Manager will ensure that all relevant staff are made aware of procedures for visitors and that visitors are escorted, when necessary.  The Information Security Manager / Network manager will receive, and action, Cyber Security ‘CareCERT’ recommendations where applicable
  • 7. ACCESS TO SECURE NETWORK AREAS – TRUST STAFF The trust will ensure that Access to secure network areas is restricted to staff who require access to the area. Accesses to secure areas are regularly reviewed and ensure that the list is accurate and up to date.
  • 8. Logical Access to Network – All Staff  All access to the network must be via a secure log-on procedure, designed to minimize the opportunity for unauthorized access.  Ensure a formal registration and de-registration procedure to access the network, with line manager authorization.  User access rights (as configured in Active Directory) will be removed or reviewed when a user leaves the organization or changes job upon notification from the HR department.
  • 9.  Security privileges must be granted to those that require the access. This access is limited to trust Staff whose role requires them to have System Administrative access.  All users must have an individual user identification (username) and password.  Users are responsible for ensuring that their username and password is kept safe.  Generic/shared user identification and password will only be granted with a justifiable business requirement and must be only used for the purpose they have been created for. Approval can be sought from the IAO, Deputy Director of IM&T, or the Information Security Manager.  All users must conform to the Acceptable Use Policy.
  • 10. Third Party Access To The Network THIRD PARTY ACCESS TO THE NETWORK WILL BASED ON A FORMAL CONTRACT THAT SATISFIES ALL NECESSARY, AND INFORMATION GOVERNANCE TOOLKIT SECURITY CONDITIONS ALL THIRD PARTY ACCESSES TO THE NETWORK WILL MANAGED AND LOGGED ON THE TRUST’S SERVICE DESK SYSTEM. Connections to External Networks All connections to external networks and systems conform to the wide Network Security policy, Code of Connection and supporting guidance
  • 11. ACCESS VIA VPN (VIRTUAL PRIVATE NETWORK THE VPN TOKEN WILL ONLY BE ISSUED AFTER THE COMPLETION OF THE USER ACCEPTANCE FORM. COMPLETED FORMS ARE HELD BY THE IT DEPARTMENT. ACCESS WILL ONLY BE PROVIDED TO TRUST MANAGED DEVICES. ALL USERS MUST CONFORM TO THE ACCEPTABLE USE POLICY (AS IF CONNECTED TO THE LOCAL NETWORK APPROVED EMPLOYEES AND AUTHORIZED THIRD PARTIES (CUSTOMERS, VENDORS, ETC.) MAY UTILIZE THE BENEFITS OF VPNS, WHICH ARE A "USER MANAGED" SERVICE. THIS MEANS THAT THE USER IS RESPONSIBLE FOR SELECTING AN INTERNET SERVICE PROVIDER (ISP), COORDINATING INSTALLATION, INSTALLING ANY REQUIRED SOFTWARE
  • 12. WIRELESS NETWORK ACCESS Access to the network wirelessly will also be in accordance with the requirement of this policy. There will also be additional access controls via certificate and radius servers
  • 13. SOFTWARE INSTALLATION POLICY Not allowed to install unauthorized computer programs and software, excepted licensed by IT team including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs,
  • 14. Data Backup and Restoration  The Network Manager is responsible for ensuring that:  Backup copies of Network configuration data are taken regularly.  Documented procedures for the backup process and storage of backup tapes are produced and communicated to all relevant staff.  Backup tapes are stored securely and copies stored off-site.  There are documented procedures for the safe and secure disposal of IT equipment including backup media and these procedures are communicated to all relevant staff.  The disposal of backup media follows and complies with the trust policy for decommissioning and disposal of old equipment.
  • 15. REMOVABLE MEDIA ACCEPTABLE USE POLICY company Policy to prohibit the use of all removable media devices unless a valid business case for its use is provided. Prohibited Removable Media Devices Removable media devices that are prohibited without a valid business case include, but are not restricted, to the following: DVD’s Bluetooth Device Media Card e.g. SD/XD External Hard Drives USB Memory Sticks (also known as pen drives or flash drives) Embedded Microchips (including Smart Cards and Mobile Phone Memory Cards) MP3 Players Digital Cameras Backup Tapes Dictation Devices Floppy Disk Infrared device Tape Drive Webcam
  • 16.
  • 17. Email/Communication Policy A company's email policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium. I have seen this policy cover email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and unacceptable use of any corporate communication technology. An example of an email policy is available