Policy. London School of Economics & Political Science. Network Connection IMT. Jethro Perkins. Information Security Manager. Version 1.

Similar documents
Policy. LSE Password Policy. Jethro Perkins. Information Security Manager. Version 1.1. Date 15/10/15. Library reference ISM-PY-002

CONNECTING TO THE COLLEGE NETWORK. Connecting to the College Network

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Policy. London School of Economics & Political Science. Patch Management. Jethro Perkins IMT. Information Security Manager.

Information Security Controls Policy

UCL Policy on Electronic Mail ( )

Network Security Policy

Cyber Security Program

RMU-IT-SEC-01 Acceptable Use Policy

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Data Protection Policy

Corporate Information Security Policy

University of Sunderland Business Assurance PCI Security Policy

Information Security Policy

Standard for Security of Information Technology Resources

The University of British Columbia Board of Governors

STUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY

Checklist: Credit Union Information Security and Privacy Policies

The Common Controls Framework BY ADOBE

Information Technology Branch Organization of Cyber Security Technical Standard

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Information Services IT Security Policies L. Network Management

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

PURPOSE: To establish policies and procedures for the use of University-owned and -operated information technology resources.

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

Responsible Officer Approved by

INFORMATION TECHNOLOGY SECURITY POLICY

Data protection policy

Acceptable Usage Policy (Student)

ISSP Network Security Plan

Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard

ACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010

Data protection. 3 April 2018

Access Control Policy

Enviro Technology Services Ltd Data Protection Policy

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

ISC10D026. Report Control Information

Grid Security Policy

SECURITY & PRIVACY DOCUMENTATION

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

Application for connection to YJS CUG and Hub (v6.0)

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

ADIENT VENDOR SECURITY STANDARD

The purpose of this guidance is: To provide a comprehensive understanding to complying with the universities Acceptable Use Policy.

I. PURPOSE III. PROCEDURE

Acceptable Use Policy

TIA. Privacy Policy and Cookie Policy 5/25/18

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

PUPIL ICT ACCEPTABLE USE POLICY

April Appendix 3. IA System Security. Sida 1 (8)

NIC- Computer Emergency Response Team (CERT) Information Security Incident Management Policy

Subject: University Information Technology Resource Security Policy: OUTDATED

Juniper Vendor Security Requirements

NEN The Education Network

Oracle Data Cloud ( ODC ) Inbound Security Policies

PS Mailing Services Ltd Data Protection Policy May 2018

Information Security Incident Response Plan

INFORMATION ASSET MANAGEMENT POLICY

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

EA-ISP-009 Use of Computers Policy

Lakeshore Technical College Official Policy

Information Security Incident Response Plan

General Data Protection Regulation

Institute of Technology, Sligo. Information Security Policy. Version 0.2

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

Data Processing Agreement

UKIP needs to gather and use certain information about individuals.

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Guest Wireless Policy

HPE DATA PRIVACY AND SECURITY

We reserve the right to modify this Privacy Policy at any time without prior notice.

Information Technology Procedure IT 3.4 IT Configuration Management

ISO27001 Preparing your business with Snare

St Bernard s Primary School Data Protection Policy

TELEPHONE AND MOBILE USE POLICY

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

IT Service Level Agreement

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice

Credit Card Data Compromise: Incident Response Plan

University of Liverpool

UWTSD Group Data Protection Policy

Level Access Information Security Policy

STUDENT ICT ACCEPTABLE USE POLICY

Information Security Policy

External Supplier Control Obligations. Cyber Security

I O S P R I V A C Y P O L I C Y

UWC International Data Protection Policy

INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ

Electronic Records Management System (ERMS)

Information Security Controls Policy

INNOVENT LEASING LIMITED. Privacy Notice

locuz.com SOC Services

POLICY 8200 NETWORK SECURITY

GDPR Draft: Data Access Control and Password Policy

A Homeopath Registered Homeopath

The General Data Protection Regulation

University of Liverpool

Transcription:

London School of Economics & Political Science IMT Policy Network Connection Jethro Perkins Information Security Manager Version 1.1 Date 18/03/2015 Library reference ISM-PY-126 For latest version and information about, see lse.ac.uk/policies and search by title.

Document control Distribution list Name Title Department Information Security Advisory Board Information Technology Committee External document references Title Version Date Author Information Security Policy 3.1 08/07/13 Jethro Perkins Version history Date Version Comments 22/01/15 0.1 Initial draft 26/01/15 0.2 Incorporating changes from Chris Roberts, Jia Fu and Ed Spick 26/01/15 09/03/15 18/03/15 0.3 1 1.1 Release to ISAB Comprising changes requested by ISAB Incorporating changes requested by ITC Review control Reviewer Section Comments Actions agreed ISAB ISAB 2 3.2 Give network team the responsibility of explicitly approving or rejecting any attempted change to the network distribution layer Update this section to reflect the fact that it will Changed as requested Changed as requested not only be IMT plugging devices into the network backbone, but IMT Network Team do need to provide their explicit permission ITC 3.6 Update sections 3.6 and 3.7 to provide better wording and remove legalese language Sections changed as requested Page 2 of 7

Table of contents 1 Introduction... 4 1.1 Purpose... 4 1.2 Scope... 4 2 Responsibilities... 5 3 Policy... 6 3.1 Network addresses... 6 3.2 Physical connections to LSE network... 6 3.3 Control of LSE network infrastructure and bandwidth... 6 3.4 Third Party Equipment... 6 3.5 Systems threatening the stability, integrity and stability of the network... 6 3.6 Failure to comply... 7 3.7 Penetration tests... 7 3.8 Incident Handling... 7 3.9 Review and Development... 7 Page 3 of 7

1 Introduction Most core activities at LSE rely heavily upon its IT network, including: teaching, research, administration, HR and Finance functions, building management, access control and CCTV. It is, as a consequence, essential that the stability, integrity and security of the network are safeguarded for use by all members of LSE s community. 1.1 Purpose This policy will assist in ensuring the availability of an effective, highly available network. It provides formal responsibilities for taking measures against devices that threaten the stability, integrity and security of LSE's network. It will facilitate the rapid tracking down and resolution of problems related to LSE network connected devices by Information Management and Technology. 1.2 Scope All devices connected to LSE s IT network Page 4 of 7

2 Responsibilities Director of Information Management and Technology Responsibility for authorising the investigation or disconnection of any system or device threatening the stability, integrity or security of the network. IMT Information Security Manager Operational responsibility as delegated by the Director of IMT for requesting the investigation or disconnection of any system or device threatening the stability, integrity or security of the network. IMT Information Security Team Organising penetration tests and vulnerability scanning. Receiving, assessing and acting upon (where appropriate) reports from Janet CSIRT,other incident response teams or law enforcement agencies. IMT Networks Disabling and re-enabling devices or equipment network access as appropriate. Blocking and unblocking inbound and outbound network traffic as appropriate. Throttling available network bandwidth to systems, services, applications, devices and network segments. Investigating as required any system or device as directed by the Information Security Manager, or as governed by any applicable procedures or other policies. Explicit approval of distribution layer connections performed by other individuals, teams or organisations. IMT Systems and IMT Support Teams Investigating as required any system or device as directed by the Information Security Manager or as governed by any applicable procedures or other policies. System and device owners Maintaining system integrity, updating Operating Systems and applications with security and other critical patches, ensuring appropriate access to systems using 'least privilege' and 'need to know' principles, reporting any issues to IMT. All LSE network users All users of the network must be aware that they are bound by the LSE Information Security Policy, the Conditions of Use of IT Facilities at LSE and the JANET Acceptable Use Policy. Page 5 of 7

3 Policy 3.1 Network addresses All network addresses, including IP addresses and DNS Names, will be allocated and administered by IMT. Any allocated IP addresses and DNS Names may be removed under the instruction of the Information Security Manager. 3.2 Physical connections to LSE network Physical connections to the LSE network edge switches or backbone may be made only by IMT or otherwise with the explicit permission of the IMT Network team. No extensions or modifications to the physical infrastructure of the LSE network, including wireless, may otherwise be made. This includes the addition of: network switches hubs wireless access points router devices cabling other than connecting a patch cable to a provided network wall socket. 3.3 Control of LSE network infrastructure and bandwidth All network infrastructure equipment or network wiring at LSE will be managed and controlled by IMT. IMT may, on behalf of the School, restrict excessive use of network bandwidth by any system or service. 3.4 Third Party Equipment Third parties may be permitted to connect devices to the Network to provide services to LSE and its users following due consultation with IMT in order to assess the consequences for the School s Network and its security. 3.5 Systems threatening the stability, integrity and security of the network In the event where LSE IMT has discovered or otherwise been informed that a system on the LSE network is threatening the stability, integrity or security of the network, or has otherwise been compromised, hacked, is sending out malicious traffic or is the source of SPAM or other issues that affect the stability, integrity or security of the LSE network, IMT has the right to: gain access to and inspect the configuration of devices or equipment take remedial actions as necessary remove from the network any devices or equipment that it believes could be the source of the problem, or otherwise block inbound and outbound traffic, as appropriate. disable as necessary any part of the network in order to remove the source of the problem Whilst every effort will be made to contact the system owner, Head of Department and/or other appropriate persons, this may not always be possible. All services will be reconnected at the first opportunity after the problem has been remediated. Page 6 of 7

3.6 Failure to comply In all cases, a failure to comply that threatens the stability, integrity or security of the network or has caused a breach of such will be dealt with by: 1. Stopping the damage 2. Stopping the risk 3. Remediating the cause 3.7 Penetration tests To proactively protect the security and operation of the network and the systems thereon, IMT may carry out both manual and automated systematic vulnerability scans and penetration tests on computer systems connected to the School network. Best efforts will be undertaken to minimize any disruption, and any unavoidable or unrecoverable damage will be investigated. 3.8 Incident Handling If a member of the School (staff or student) is aware of an information security incident then they must report it to the Information Management and Technology Service Desk at IT.Servicedesk@lse.ac.uk or telephone 020 7107 5000. If necessary, members of the School can also use LSE s Whistle Blowing (Public Interest Disclosure) policy (see http://www2.lse.ac.uk/intranet/staff/brightideas/haveyoursay/whistleblowing/home.aspx.) 3.9 Review and Development This policy, and any subsidiaries, shall be reviewed by the Information Security Advisory Board (ISAB) and updated regularly to ensure that they remain appropriate in the light of any relevant changes to the law, organisational policies or contractual obligations. Additional regulations may be created to cover specific areas. ISAB comprises representatives from all relevant parts of the organisation. It shall oversee the creation of information security and subsidiary policies. The Information Security Manager will determine the appropriate levels of security measures applied to all new information systems Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback