M E M O R A N D U M
TO : ALL STAFF
FROM : MR. (NAME) – CHAIRMAN
DATE : APRIL 20, 2007
SUBJECT : NETWORK SECURITY
=============================================================
All employees are hereby informed that under no circumstances should you use your personal e mail id’s to communicate on business issues. All e-mails should be done on your company email id. This security memorandum requires that good management practices be followed to implement IT security protections based on company risk assessment. The following is a list of requirements for all information systems maintained.
Physical Security
All network servers and network paraphernalia shall be in a locked room or secured in a locked area.
Network specialist shall be aware of the position of the closest fire alarm.
The temperature and humidity in network server room should be monitored.
No other personnel except to out IT specialist is allowed to enter the server room.
No drinking and food is allowed around computer system.
Sensitive information should be kept confidential.
When dealing with confidential information, ensure that no one is watching over your shoulder. This safety measure should also be taken when typing in passwords.
Data Communications Security
All computers with internet access should have a firewall.
Individuals shall use only encrypted means of access information across the Internet. Employees shall not pass sensitive company information.
Dial-in access to the company network shall be rigorously controlled. A list of all modems linked to the company network shall be kept. No modems shall be linked to the company network without prior consent of the Company’s Security Engineer. The list of modems shall also identify which modems are granted dial-in access. All dial-in and dial-out shall be accomplished using the company network modem server when available in order to ensure that all network access is logged.
System Access Security
Access to all company systems shall include, both local and remote logon to server or workstation.
Access to all company network servers, including but not limited to; domain controllers, phone system servers, voice mail servers, email servers, file servers, web servers, ftp servers, terminal servers, print servers and any general purpose server or workstation, and network hardware shall require a username and password, with the following exceptions:
Company web servers may allow anonymous access to information that is for public use.
Authentication
The identity of each individual who accesses college information, must be verified before access is given to the information. This identification process is normally performed using the user ID/password process. The user ID determines who the user is claiming to be. The submission of a correct password is taken to mean that the person is actually who the user ID claims them to be.
Use of shared user ID’s shall be limited to workstations allowing only single function use (such as workstations secured so that they can only be used to browse the web).
All users shall be forced to change their passwords every 30 days.
Company Systems shall be set to lock out further logon attempts for at least 5 minutes after 5 failed attempts have occurred.
Also note that no employee is permitted to use a laptop in office unless it is linked to the network as permitted by the company’s network engineer. All requests for any IT related functions on computers should channeled through our company IT specialist who will proceed only on approval of our office manager.
Failure to follow these instructions will result in severe disciplinary action being taken against you.
Your fullest co-operation is requested in this regard.
MR. ____(NAME)______
CHAIRMAN
Credit:ivythesis.typepad.com
0 comments:
Post a Comment
Click to see the code!
To insert emoticon you must added at least one space before the code.