PHYSICAL AND ENVIRONMENTAL SECURITY
|
|
- Ronald Andrews
- 5 years ago
- Views:
Transcription
1 PHYSICAL AND ENVIRONMENTAL SECURITY 1.0 STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY - EQUIPMENT 1.1 PURPOSE The purpose of this standard is to establish baseline controls to prevent loss, damage, theft or compromise of assets and interruption to the university s operations. 1.2 SCOPE All system and equipment owners, as well as users of that equipment, should ensure that measures are in place to protect equipment from loss, damage, theft or compromise. Furthermore, it is important for all ECSU staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using ECSU facilities, services or IT systems to understand the need to ensure the protection of any university equipment. 1.3 CONTROL OBJECTIVE To prevent loss, damage, theft or compromise of assets and interruption to the organization s operations. 1.4 STANDARD Steps to protect equipment and to prevent loss, damage, theft or compromise of assets should include: Equipment placement and protection Equipment should be positioned and protected in a manner to reduce the risk of environmental threats and hazards as well as opportunities for unauthorized access. Supporting utilities Equipment should be protected from power failures and from the impact of potential disruptions caused by failures in supporting utilities such as telecommunications, water, gas, sewage, and HVAC. 1
2 Cabling security Power and network/telecommunications cabling should be protected from interception, interference, or damage. Equipment maintenance Equipment should be maintained by authorized personnel and in accordance with recommended service intervals to ensure availability and integrity. Removal of equipment or assets Equipment, information, or software should not be taken off-site without prior management authorization. Security of equipment and assets off-premises Security should be applied to off-site equipment and assets with consideration for the additional risks that are likely presented with working outside the campus. Secure disposal or re-use of equipment All equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten before it is disposed or re-purposed. Unattended user equipment All users should ensure that unattended equipment has appropriate protection by terminating sessions, logging off from applications when no longer needed, initiating a screen lock, and securing computers or mobile devices with a pattern, PIN, or password when not in use. Clear desk and clear screen policy In addition to equipment screen locks, all work areas should be further secured by clearing those spaces of all papers and removable devices containing sensitive information. These papers and devices should be stored in appropriately secured locations. 1.5 RELATED RESOURCES Guideline for Hardware and Media Disposal ISO/IEC 27002:
3 Direct your questions about this standard to DIT Information Security Office at 1.6 REVISION HISTORY Approved by DIT Security Committee
4 2.0 STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY SECURE AREAS 2.1 PURPOSE The purpose of this standard is to establish baseline controls to prevent unauthorized physical access, damage, or interference to the university s information and information processing facilities. 2.2 SCOPE Physical protections should be in place to prevent unauthorized access to any university information and information processing facilities. Furthermore, it is important for all ECSU staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using ECSU facilities, services or IT systems to understand the need to ensure physical protections to any university information. 2.3 CONTROL OBJECTIVE To prevent unauthorized physical access, damage and interference to the organization s information and information processing facilities. 2.4 STANDARD Steps to prevent unauthorized access, damage or interference to the university s information or information processing facilities should include: Defined physical security perimeters Security perimeters should be used to protect areas containing sensitive or critical information or information processing and the boundaries should be appropriate to the sensitivity of the information contained within. Physical entry controls Secure areas should be protected by appropriate entry controls to ensure that only authorized personnel are allowed access. Physical security for offices, rooms, and facilities 4
5 Physical security for offices, rooms, and facilities should be designed and implemented. Protection against external and environmental threats Physical protection should be designed and implemented to protect against natural disasters, accidents, and malicious attacks. Working in secure areas Procedures for working in secure areas should be designed and implemented. Delivery and loading areas Delivery and loading areas should be isolated from information storage or processing facilities. 2.5 RELATED RESOURCES ISO/IEC 27002: 11.1 Direct your questions about this standard to DIT Information Security Office at 2.6 REVISION HISTORY Approved by DIT Security Committee
TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationPhysical and Environmental Security Policy Document Number: OIL-IS-POL-PES
Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES Document Details Title Description Version 1.0 Author Classification Physical and Environmental Security Policy Physical and Environmental
More informationPhysical and Environmental Security Standards
Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...
More informationFRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.
FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationSYSTEMKARAN ADVISER & INFORMATION CENTER. Information technology- security techniques information security management systems-requirement
SYSTEM KARAN ADVISER & INFORMATION CENTER Information technology- security techniques information security management systems-requirement ISO/IEC27001:2013 WWW.SYSTEMKARAN.ORG 1 www.systemkaran.org Foreword...
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationInformation Security Management
Information Security Management BS ISO/ IEC 17799:2005 (BS ISO/ IEC 27001:2005) BS 7799-1:2005, BS 7799-2:2005 SANS Audit Check List Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SFS, ITS 2319, IT
More informationPhysical Security Standard
Physical Security Standard Version: 1.6 Document ID: 3545 Copyright Notice Copyright 2018, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 27011 Second edition 2016-12-01 Information technology Security techniques Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications
More informationInformation Services IT Security Policies L. Network Management
Information Services IT Security Policies L. Network Management Version 1.1 Last updated: 11th August 2010 Approved by Directorate: 2nd July 2009 Review date: 1st August 2011 Primary owner of security
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationJacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope
Jacksonville State University Acceptable Use Policy 1. Overview Information Technology s (IT) intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Jacksonville
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 27019 First edition 2013-07-15 Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview ONS IT s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to ONS established culture of openness, trust and integrity.
More informationAcceptable Use Policy
Acceptable Use Policy. August 2016 1. Overview Kalamazoo College provides and maintains information technology resources to support its academic programs and administrative operations. This Acceptable
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationISO/IEC FDIS INTERNATIONAL STANDARD FINAL DRAFT. Information technology Security techniques Information security management systems Requirements
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 27001 ISO/IEC JTC 1 Secretariat: DIN Voting begins on: 2005-06-30 Voting terminates on: 2005-08-30 Information technology Security techniques Information
More informationGuest Wireless Policy
Effective: April 1, 2016 Last Revised: November 27, 2017 Responsible University Office: Information Technology Services Responsible University Administrator: Chief Information Officer Policy Contact: Deb
More informationThis regulation outlines the policy and procedures for the implementation of wireless networking for the University Campus.
UAR NUMBER: 400.01 TITLE: Wireless Network Policy and Procedure INITIAL ADOPTION: 11/6/2003 REVISION DATES: PURPOSE: Set forth the policy for using wireless data technologies and assigns responsibilities
More informationISMS Essentials. Version 1.1
ISMS Essentials Version 1.1 This paper can serve as a guideline for the implementation of ISMS practices using BS7799 / ISO 27001 standards. To give an insight and help those who are implementing this
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 First edition 2000-12-01 Information technology Code of practice for information security management Technologies de l'information Code de pratique pour la gestion
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationMedia Protection Program
Media Protection Program Version 1.0 November 2017 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PROGRAM DETAILS 4 3.2 MEDIA STORAGE AND ACCESS 4 3.3 MEDIA TRANSPORT
More informationComputer Classroom Security Standard
Computer Classroom Security Standard Cal State Fullerton operates a heterogeneous network environment composed of centrally supported workstations, servers, and the network infrastructure. Along with administrative
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationState of Rhode Island Department of Administration Division of Information Technol
Division of Information Technol 1. Background Physical and environmental security controls protect information system facilities from physical and environmental threats. Physical access to facilities and
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationPersonal Communication Devices and Voic Procedure
Personal Communication Devices and Voicemail Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 11.7.1 Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted
More informationU.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment Tool Physical Safeguards Content Version Date:
More informationUniversity Network Policies
BACKGROUND Washington State University s network infrastructure and network services are vital to carry out the mission of the University. Policies are needed to ensure the continued integrity of these
More informationSubject: Wireless Networking Policy Effective Date: May 2005 Responsible Office: Department of Information Technology _ Responsible Officer:
Section Number Section Header: Subject: Wireless Networking Policy Effective Date: May 2005 Responsible Office: Department of Information Technology _ Responsible Officer: TABLE OF CONTENTS Introduction...1
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationHIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationComputing Policies / Procedures
(TIEHH) 1207 GILBERT DRIVE * LUBBOCK, TX 79416 * 806-885-4567 (tel) * 806-885-2132 (fax) Computing Policies / Procedures Contents PURPOSE... 2 REVIEW... 2 POLICY/PROCEDURE... 3 1. Acceptable Use Policy...
More informationOperations Security Plan Document Name: New Hampshire Lottery Operations Security Plan Date: January 2014
Operations Security Plan Prepared for the Document Name: New Hampshire Lottery Operations Security Plan Date: January 2014 Table of Contents Section 1...1 Introduction...1 Purpose...1 Objective...1 Section
More informationComputer Security Policy
Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1
More informationUniversity of Ulster Standard Cover Sheet
University of Ulster Standard Cover Sheet Document Title AUTHENTICATION STANDARD 2.0 Custodian Approving Committee ISD Heads ISD Committee Policy approved date 2011 10 13 Policy effective from date 2011
More informationDIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018
DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information
More informationSecurity Awareness, Training, And Education Plan
Security Awareness, Training, And Education Plan Version 2.0 December 2016 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PLAN DETAILS 4 3.2 WORKFORCE DESIGNATION 4
More informationISC10D026. Report Control Information
ISC10D026 Report Control Information Title: General Information Security Date: 28 January 2011 Version: v3.08 Reference: ICT/GISP/DRAFT/3.08 Authors: Steve Mosley Quality Assurance: ISSC Revision Date
More informationOPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY
OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY Vadim Prostakov Vienna 02.04.2009 OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY 1.
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationPOLICY 8200 NETWORK SECURITY
POLICY 8200 NETWORK SECURITY Policy Category: Information Technology Area of Administrative Responsibility: Information Technology Services Board of Trustees Approval Date: April 17, 2018 Effective Date:
More informationPassword Standard Version 2.0 October 2006
Password Standard Version 2.0 October 2006 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 POLICY 4 3.2 PROTECTION 4 3.3 LENGTH 4 3.4 SELECTIONS 4 3.5 EXPIRATION 5 3.6
More informationUlster University Standard Cover Sheet
Ulster University Standard Cover Sheet Document Title Portable Devices Security Standard 1.5 Custodian Approving Committee Deputy Director of Finance and Information Services (Information Services) Information
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationEffective: 12/31/17 Last Revised: 8/28/17. Responsible University Administrator: Vice Chancellor for Information Services & CIO
Effective: 12/31/17 Last Revised: 8/28/17 Responsible University Administrator: Vice Chancellor for Information Services & CIO Responsible University Office: Information Technology Services Policy Contact:
More informationREPORTING INFORMATION SECURITY INCIDENTS
INFORMATION SECURITY POLICY REPORTING INFORMATION SECURITY INCIDENTS ISO 27002 13.1.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-13.1.1 Version No: 1.0 Date: 1 st
More informationStandard: Data Center Security
Standard: Data Center Security Page 1 Executive Summary The university data centers provide for the reliable operation of SJSU s computing systems, computing infrastructure, and communication systems.
More informationCompany Policy Documents. Information Security Incident Management Policy
Information Security Incident Management Policy Information Security Incident Management Policy Propeller Studios Ltd is responsible for the security and integrity of all data it holds. Propeller Studios
More informationObjectives of the Security Policy Project for the University of Cyprus
Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University
More informationHISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security
HISPOL 003.0 The United States House of Representatives Internet/ Intranet Security Policy CATEGORY: Telecommunications Security ISSUE DATE: February 4, 1998 REVISION DATE: August 23, 2000 The United States
More information2 University International Medical University
POLICY OWNER : Information Technology Services TITLE : Document Code : IMU/POL/ITS/09 Edition : 1 Approval Body : Management Approval : 03/05/17 Committee Date Effective Date : 03/05/17 Pages : 6 1.0 OBJECTIVE
More informationPolicy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy
Policy Title: Binder Association: Author: Review Date: Pomeroy Security Principles PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy Joseph Shreve September of each year or as required Purpose:...
More informationMobile Working Policy
Mobile Working Policy Date completed: Responsible Director: Approved by/ date: Ben Westmancott, Director of Compliance Author: Ealing CCG Governing Body 15 th January 2014 Ben Westmancott, Director of
More informationCampus StarID Support Function
Last updated on 1/25/2018 Contents Summary... 2 How to log in... 2 StarID Search... 3 View StarID account status and attributes... 4 Generate Verification Code... 4 Reset Password... 4 Who is considered
More informationOffice Name: Enterprise Risk Management Questions
Office Name: Business Impact Analysis Questions The identification of information, computing hardware and software, and associated personnel that require protection against unavailability, unauthorized
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27011 First edition 2008-12-15 Information technology Security techniques Information security management guidelines for telecommunications organizations based on ISO/IEC
More informationLouisiana State University System
Louisiana State University System PM-36: Attachment 1 TABLE OF CONTENTS AND CHAPTERS 1-12 SECTION PAGE I. Chapter 1 -Securing Systems, Hardware, Software and Peripherals...6 A. Subunit 1 -Purchasing and
More informationEXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security
More informationVirginia State University Policies Manual. Title: Change/Configuration Management Policy: 6810 A. Purpose
A. Purpose Virginia State University (VSU) management in an effort to preserve the integrity and stability of its systems and infrastructure has established a change management policy that will govern
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationWireless Network Policy and Procedures Version 1.5 Dated November 27, 2002
Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002 Pace University reserves the right to amend or otherwise revise this document as may be necessary to reflect future changes made
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationCCBC is equipped with 3 computer rooms, one at each main campus location:
Policy: Computer Room Procedures Policy: Draft 12/14/2009 1.0 Purpose The purpose of this document is to establish procedures for the Community College of Baltimore County (CCBC) Information Technology
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27011 Second edition 2016-12-01 Information technology Security techniques Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications
More informationSecuring Access to Network Devices
Securing Access to Network s Data Track Technology October, 2003 A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard
More informationUniversity of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017
University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017 Related Policies, Procedures, and Resources UAB Acceptable Use Policy, UAB Protection and Security Policy, UAB
More informationOhio Supercomputer Center
Ohio Supercomputer Center Security Notifications No: Effective: OSC-10 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original Publication
More informationDATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS. Audit Report June 15, 2012
DATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS Audit Report 12-31 June 15, 2012 Henry Mendoza, Chair William Hauck Steven M. Glazer Glen O. Toney Members, Committee on Audit University
More informationWireless Security Access Policy and Agreement
Wireless Security Access Policy and Agreement Purpose The purpose of this policy is to define standards, procedures, and restrictions for connecting to Fort Valley State University s internal network(s)
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More informationInformation Security Management System
Information Security Management System Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
More informationSAS SOLUTIONS ONDEMAND
DECEMBER 4, 2013 Gary T. Ciampa SAS Solutions OnDemand Advanced Analytics Lab Birmingham Users Group, 2013 OVERVIEW SAS Solutions OnDemand Started in 2000 SAS Advanced Analytics Lab (AAL) Created in 2007
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationInformation Technology Standards
Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this
More informationAcceptable Usage Policy (Student)
Acceptable Usage Policy (Student) Author Arthur Bogacki Date 18/10/2017 Version 1.1 (content sourced and consolidated from existing Email and Electronic Communication, and User Code of Practice policies.)
More informationOpportunity Lives Here
Opportunity Lives Here Southern Virginia Higher Education Center Policy Policy # 4107 Policy Title: INFORMATION TECHNOLOGY (IT) PHYSICAL ACCESS CONTROL POLICY Responsible Oversight Director: Chief Finance
More informationRed Flags Program. Purpose
Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationISO/IEC Information technology Security techniques Code of practice for information security controls
INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de
More informationBS7799: from initial review to certification. Ing. Leonardo García Rojas CISSP, CISM
BS7799: from initial review to certification Ing. Leonardo García Rojas CISSP, CISM 1 What is Data, Information and Information Security? 2 Information is an asset which, like other important business
More informationCyber Security Policy. September12, 2009
Cyber Security Policy September12, 2009 Table of Contents Preface...4 Purpose...4 Scope...4 Policy...5 Organizational and Functional Responsibilities...5 Information Policy...6 Individual Accountability...6
More informationCorporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial
Corporate Policy Information Systems Acceptable Use Document No: ISY-090-10 Effective Date: 2014-06-10 Page 1 of 5 Rev. No: 0 Issuing Policy: Information Systems Department Policy Originator: Erick Edstrom
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 First edition 2000-12-01 Information technology Code of practice for information security management Technologies de l'information Code de pratique pour la gestion
More information