Retrieved from https://studentshare.org/information-technology/1605419-creating-the-report
https://studentshare.org/information-technology/1605419-creating-the-report.
Full Paper Policy Development Network Access Scope This policy is applicable to all other departments that are internally connected, the organization, remote branches, employees and third parties i.e. vendors who have access to the organization’s information security and forensic laboratory. The scope of this policy will also cover all the legacy and future equipment that will be configured and tuned as per the reference documentations. If any other laboratories exist in the organization will be exempted from the scope of this policy and will be treated as per the specific policy if available.
PolicyOwnership ResponsibilitiesAssociated managers are liable for aligning security policies of the laboratory in compliance with the organization security policies. The following policies are vital: Password policy of networking devices and hosts, wireless network security policy, Anti-Virus security policy and physical security policy.The network support staff or administration must monitor and maintain a firewall between the network that connects the production functions, processes and operations from the laboratory network or network appliance / equipment / device (Frye, 2007).
The network support staff or administration must be entitled to have full rights for interrupting network connections of the laboratory that may impose impact or security risk on processes, functions and operation on the production network (Frye, 2007).Universal Configuration NecessitiesThe network traffic between the organization and the other networks will be transmitted via a firewall monitored and maintained by the support staff. However, in case of a wireless network transmission, connection to other networks of the organization will be prohibited.
In order to configure or modify any configuration settings on the firewall must be reviewed and approved by the information security personnel.Right to audit for all inbound and outbound activities of the organization is applicable to the information security personnel anytime. For ensuring physical access, every employee or student must identify themselves via physical security controls before entering in the organization is mandatory.Encryption must be applicable to stored password files, VPN connections and connections to the third party service providers where applicable.
Enforcement(Business,) If any violation of this policy is found, the matter maybe subjected to disciplinary action including termination of employment.Revision HistoryVersion 1.02 Policy Development Operating System ControlPolicyOwnership ResponsibilitiesAssociated managers are liable for ensuring adequate control for operating system and compliance with the organizational policies. The network support staff or administration must monitor and maintain the operating system controlThe network support staff or administration must be entitled to have full rights for modifying controls only if changes are mandatory and will impact business processes.3.2.
Universal Configuration NecessitiesIn order to configure or modify any control of operating system must be reviewed and approved by the associated information system owner.Right to audit for all inbound and outbound activities of the organization is applicable to the information security personnel anytime. 3.3. EnforcementIf any violation of this policy is found, the matter maybe subjected to disciplinary action including termination of employment.4. Revision HistoryVersion 1.03 Policy Development Database Server ControlPolicyOwnership ResponsibilitiesAssociated managers are liable for ensuring adequate control for database and compliance with the organizational policies.
The network support staff or database administration must monitor and maintain the database on periodic basis.The network support staff or database administration must be entitled to have full rights for modifying controls only if changes are mandatory and will impact business processes.3.4. Universal Configuration NecessitiesIn order to configure or modify any data residing in the database server must be reviewed and approved by the associated database owner.Right to audit for all inbound and outbound activities of the organization is applicable to the information security personnel anytime. 3.5.
EnforcementIf any violation of this policy is found, the matter maybe subjected to disciplinary action including termination of employment.5. Revision HistoryVersion 1.0ReferencesFrye, D. (2007). Network security policies and procedures . New York: Springer Science+Business Media. Business, &. L. R.Essential safety policies Business & Legal Reports, Inc.
Read More