Section x IS Security Policies
mm/dd/yy -Effective
mm/dd/yy -Revised
Policy x.xx Physical Access
Information Services -Author
Introduction
Technical support staff, security administrators, system
administrators, and others may have Information Resource
physical facility access requirements as part of their function.
The granting, controlling, and monitoring of the physical access
to Information Resources facilities is extremely important to an
overall security program.
Purpose
The purpose of the [AGENCY] Physical Access Policy is to
establish the rules for the granting, control, monitoring, and
removal of physical access to Information Resource facilities.
Audience
The [AGENCY] Physical Access Policy applies to all
individuals within the [AGENCY] enterprise that are
responsible for the installation and support of Information
Resources, individuals charged with Information Resources
Security, and data owners.
Definitions
Information Resources (IR): any and all computer printouts,
online display devices, magnetic storage media, and all
computer-related activities involving any device capable of
receiving email, browsing Web sites, or otherwise capable of
receiving, storing, managing, or transmitting electronic data
including, but not limited to, mainframes, servers, personal
computers, notebook computers, hand-held computers, personal
digital assistant (PDA), pagers, distributed processing systems,
network attached and computer controlled medical and
laboratory equipment (i.e. embedded technology),
telecommunication resources, network environments,
telephones, fax machines, printers and service bureaus.
Additionally, it is the procedures, equipment, facilities,
software, and data that are designed, built, operated, and
maintained to create, collect, record, process, store, retrieve,
display, and transmit information.
Information Services (IS): The name of the agency department
responsible for computers, networking and data management.
Physical Access Policy
· All physical security systems must comply with all applicable
applicable regulations such as, but not limited to, building
codes and fire prevention codes.
· Physical access to all Information Resources restricted
facilities must be documented and managed.
· All IR facilities must be physically protected in proportion to
the criticality or importance of their function at [AGENCY].
· Access to Information Resources facilities must be granted
only to [AGENCY] support personnel, and contractors, whose
job responsibilities require access to that facility.
· The process for granting card and/or key access to Information
Resources facilities must include the approval of the person
responsible for the facility.
· Each individual that is granted access rights to an Information
Resources facility must receive emergency procedures training
for the facility and must sign the appropriate access and non-
disclosure agreements.
· Requests for access must come from the applicable
[AGENCY] data/system owner.
· Access cards and/or keys must not be shared or loaned to
others.
· Access cards and/or keys that are no longer required must be
returned to the person responsible for the Information
Resources facility. Cards must not be reallocated to another
individual bypassing the return process.
· Lost or stolen access cards and/or keys must be reported to the
person responsible for the Information Resources facility.
· Cards and/or keys must not have identifying information other
than a return mail address.
· All Information Resources facilities that allow access to
visitors will track visitor access with a sign in/out log.
· A service charge may be assessed for access cards and/or keys
that are lost, stolen or are not returned.
· Card access records and visitor logs for Information Resources
facilities must be kept for routine review based upon the
criticality of the Information Resources being protected.
· The person responsible for the Information Resources facility
must remove the card and/or key access rights of individuals
that change roles within [AGENCY] or are separated from their
relationship with [AGENCY].
· Visitors must be escorted in card access controlled areas of
Information Resources facilities.
· The person responsible for the Information Resources facility
must review access records and visitor logs for the facility on a
periodic basis and investigate any unusual access.
· The person responsible for the Information Resources facility
must review card and/or key access rights for the facility on a
periodic basis and remove access for individuals that no longer
require access.
· Signage for restricted access rooms and locations must be
practical, yet minimal discernible evidence of the importance of
the location should be displayed.
Disciplinary Actions
Violation of this policy may result in disciplinary action which
may include termination for employees and temporaries; a
termination of employment relations in the case of contractors
or consultants; dismissal for interns and volunteers; or
suspension or expulsion in the case of a student. Additionally,
individuals are subject to loss of [AGENCY] Information
Resources access privileges and to civil and criminal prosecution.
Supporting Information
This Security Policy is supported by the following Security Policy Standards.

Reference # | Policy Standard detail
1 | IR Security controls must not be bypassed or disabled.
2 | Security awareness of personnel must be continually emphasized, reinforced, updated and validated.
3 | All personnel are responsible for managing their use of IR and are accountable for their actions relating to IR security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.
4 | Passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), and other computer systems security procedures and devices shall be protected by the individual user from use by, or disclosure to, any other individual or organization. All security violations shall be reported to the custodian or owner department management.
5 | Access to, change to, and use of IR must be strictly secured. Information access authority for each user must be reviewed on a regular basis, as well as each job status change such as: a transfer, promotion, demotion, or termination of service.
8 | All computer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property.
9 | On termination of the relationship with the agency users must surrender all property and IR managed by the agency. All security policies for IR apply to and remain in force in the event of a terminated relationship until such surrender is made. Further, this policy survives the terminated relationship.
16 | Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled.
19 | IR computer systems and/or associated equipment used for agency business that is conducted and managed outside of agency control must meet contractual requirements and be subject to monitoring.
References
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of
1996 (HIPAA)
The State of Texas Information Act
Texas Government Code, Section 441
Texas Administrative Code, Chapter 202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications
Revised 6/7/02
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 

SectionxIS Security Policiesmmddyy-Effectivemmddyy-.docx

Section x IS Security Policies
mm/dd/yy -Effective
mm/dd/yy -Revised
Policy x.xx Physical Access
Information Services -Author

Introduction
Technical support staff, security administrators, system administrators, and others may have Information Resource physical facility access requirements as part of their function. The granting, controlling, and monitoring of the physical access to Information Resources facilities is extremely important to an overall security program.

Purpose
The purpose of the [AGENCY] Physical Access Policy is to establish the rules for the granting, control, monitoring, and removal of physical access to Information Resource facilities.

Audience
The [AGENCY] Physical Access Policy applies to all individuals within the [AGENCY] enterprise that are responsible for the installation and support of Information Resources, individuals charged with Information Resources Security, and data owners.

Definitions
Information Resources (IR): any and all computer printouts, online display devices, magnetic storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information.
Information Services (IS): The name of the agency department responsible for computers, networking and data management.

Physical Access Policy
· All physical security systems must comply with all applicable regulations such as, but not limited to, building codes and fire prevention codes.
· Physical access to all Information Resources restricted facilities must be documented and managed.
· All IR facilities must be physically protected in proportion to the criticality or importance of their function at [AGENCY].
· Access to Information Resources facilities must be granted only to [AGENCY] support personnel, and contractors, whose job responsibilities require access to that facility.
· The process for granting card and/or key access to Information Resources facilities must include the approval of the person responsible for the facility.
· Each individual that is granted access rights to an Information Resources facility must receive emergency procedures training for the facility and must sign the appropriate access and non-disclosure agreements.
· Requests for access must come from the applicable [AGENCY] data/system owner.
· Access cards and/or keys must not be shared or loaned to others.
· Access cards and/or keys that are no longer required must be returned to the person responsible for the Information Resources facility. Cards must not be reallocated to another individual bypassing the return process.
· Lost or stolen access cards and/or keys must be reported to the person responsible for the Information Resources facility.
· Cards and/or keys must not have identifying information other than a return mail address.
· All Information Resources facilities that allow access to visitors will track visitor access with a sign in/out log.
· A service charge may be assessed for access cards and/or keys that are lost, stolen or are not returned.
· Card access records and visitor logs for Information Resources facilities must be kept for routine review based upon the criticality of the Information Resources being protected.
· The person responsible for the Information Resources facility must remove the card and/or key access rights of individuals that change roles within [AGENCY] or are separated from their relationship with [AGENCY].
· Visitors must be escorted in card access controlled areas of Information Resources facilities.
· The person responsible for the Information Resources facility must review access records and visitor logs for the facility on a periodic basis and investigate any unusual access.
· The person responsible for the Information Resources facility must review card and/or key access rights for the facility on a periodic basis and remove access for individuals that no longer require access.
· Signage for restricted access rooms and locations must be practical, yet minimal discernible evidence of the importance of the location should be displayed.

Disciplinary Actions
Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [AGENCY] Information Resources access privileges, civil, and criminal prosecution.

Supporting Information
This Security Policy is supported by the following Security Policy Standards

Reference #    Policy Standard detail
1    IR Security controls must not be bypassed or disabled.
2    Security awareness of personnel must be continually emphasized, reinforced, updated and validated.
3    All personnel are responsible for managing their use of IR and are accountable for their actions relating to IR security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.
4    Passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), and other computer systems security procedures and devices shall be protected by the individual user from use by, or disclosure to, any other individual or organization. All security violations shall be reported to the custodian or owner department management.
5    Access to, change to, and use of IR must be strictly secured. Information access authority for each user must be reviewed on a regular basis, as well as each job status change such as: a transfer, promotion, demotion, or termination of service.
8    All computer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property.
9    On termination of the relationship with the agency users must surrender all property and IR managed by the agency. All security policies for IR apply to and remain in force in the event of a terminated relationship until such surrender is made. Further, this policy survives the terminated relationship.
16    Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled.
19    IR computer systems and/or associated equipment used for agency business that is conducted and managed outside of agency control must meet contractual requirements and be subject to monitoring.

References
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The State of Texas Information Act
Texas Government Code, Section 441
Texas Administrative Code, Chapter 202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications

physical_access_policy Page 2 of 4 Revised 6/7/02