Digital Computing Asset Management


Document title: Digital Computing Asset Management
Approval date:
Purpose of document: This document is to keep the AUC community aware of the existence of security requirements to protect the digital computing assets of the university.
Office/department responsible: Office of IT
Approved by: Nagwa Nicola, Chief Technology Officer
Document classification level: PUBLIC
Document accessible: https://www.aucegypt.edu/about/university-policies
Related documents/see also: AUC Data Governance Policy, Information Security Policy, Electronic Mail Email Policy, Acceptable Use Policy, Peer to Peer Sharing Policy

Policy Statement

Digital Computing Asset Management

AUC digital computing assets must be protected by all means and listed in a rigid inventory. No violations of use are accepted. AUC has the right to protect its assets and ensure its compliance.

Reason for Policy/Purpose

The purpose of this digital computing asset security policy is to enable AUC to ensure that the community is fully aware of the security needed to protect a digital computing asset, whether in a secure office environment or any other location, and to describe the controls necessary to minimize information security risks affecting AUC digital computing assets.

Who Approved This Policy

Nagwa Nicola, Chief Technology Officer
Wessam Maher, Principal Campus Information Security Officer

Who Needs to Know This Policy

Entire AUC community

Digital Computing Asset Management Policy Page 1 of 5

Web Address for this Policy

https://www.aucegypt.edu/about/university-policies

Contacts

Responsible University Official: Wessam Maher
Responsible University Office: Information Security Office
If you have any questions on the policy, you may send an e-mail to infosec@aucegypt.edu

Definitions

Term (alphabetical order): Definition as it relates to this policy
Digital computing assets: AUC supplied/provisioned electronic device like computer, laptop, tablet, phone, etc.
Malware: Malicious or unwanted computer program that can steal data and/or harm the data/device

Policy/Procedures

1. Users who use an AUC digital computing asset are primarily responsible for its safekeeping and for the security of any information it contains. Users must protect AUC digital computing assets to minimize the possibility of loss or theft, unauthorized use, or tampering.
2. Users must follow all IT and Information Security rules, guidelines and limitations concerning the protection of AUC digital computing assets and their content.
3. IT and Information Security have the right to monitor the use of digital computing assets for security, compliance and administration purposes.
4. IT and Information Security have the right to limit and control the scope of use of the digital computing assets to serve AUC objectives efficiently and effectively.
5. IT and Information Security have the right to install and enforce software packages and feature changes for enabling/disabling features, limiting administrator privileges, measuring performance and applying security controls. Users do not have the right to disable, control or limit these actions. A documented approval and risk acceptance must be signed for any exception.
6. IT and Information Security must approve and validate all purchasing requests for digital computing assets to ensure their adequacy from an operational and security perspective.
7. All data output, analysis outcomes, applications developed, research results, etc. that result from the use of AUC digital computing assets are considered owned by AUC unless a formal exception is granted by AUC senior management.
8. AUC digital computing assets should be used only for AUC-approved business needs.
9. Cryptocurrency mining using AUC digital computing assets is forbidden.
10. Digital computing assets should be compliant with copyright laws, telecommunication laws and all applicable laws.
11. Whenever required by law, AUC will provide relevant information and access to digital computing assets to law enforcement entities.

12. AUC has the right to access, collect and confiscate any digital computing asset for investigation, digital forensic, or compliance needs. Access rules and procedures are handled by the Information Security, Legal and Physical Security offices.
13. AUC has the right to analyze the outgoing and incoming traffic of any digital computing asset connected to its network for performance management, problem solving, information security and compliance needs.

Inventory

A digital computing asset inventory must be in place that includes all relevant digital data such as MAC address, operating system type and version, device vendor, model name and number, and the list of installed software with names and versions, etc. This inventory is essential for operational support and upgrade plans, as well as for information security controls enforcement and risk assessment. Inventory of newly added assets and retiring assets should be performed adequately. Live inventory/monitoring tools and agents can be used to identify the device status when applicable.

Ownership

Ownership of digital computing assets must be documented and adequately updated at all times. Digital computing assets must be delegated to a custodian/person at all times.

Assets Return

Digital computing assets should be returned to AUC as the ultimate owner whenever the asset is not in use, is outdated, or the owner has ended his/her relation with AUC.

University Servers and Associated Applications

1. Ownership of AUC servers and their associated applications must be clarified and documented at all times in a detailed inventory.
2. An application admin and a system admin should be identified for every AUC server and digital service.
3. Application and system admins are data custodians; data owners have the final say on granting and revoking access.
4. The application admin is the person responsible for operating and maintaining the application to meet the business objectives.
5. The system admin is the person responsible for operating and maintaining the operating system and any server backend services/packages that are essential for the application to run.
6. New AUC servers/services/applications must have the following prerequisites before going live:
   a. Documented high and low level architecture
   b. Data flow chart
   c. Documented risk assessment and business impact analysis

Acceptable Use of digital computing assets

1. Ensure that you log out and clear your data and credentials when you use any public access computer, like lab/library PCs.
2. The physical security of the AUC digital computing asset is your responsibility, so take all reasonable precautions. Be sensible and stay alert to risks.
3. Keep any AUC digital computing asset that is in your custody in your possession and within sight whenever possible. Be careful in public places such as airports, railway stations, or restaurants.

4. If you have to leave the digital computing asset temporarily unattended in the office, meeting room, or hotel room, even for a short while, use a digital computing asset security cable or similar device to attach it firmly to a desk or similar heavy furniture whenever applicable, or put it in a safe if applicable.
5. Lock the digital computing asset away out of sight when you are not using it, preferably in a strong cupboard, filing cabinet, or safe. This applies at home, in the office, or in a hotel. Never leave a digital computing asset visibly unattended in a vehicle.
6. Carry and store the digital computing asset in a padded bag or strong briefcase to reduce the chance of accidental damage.
7. Keep a note of the make, model, serial number and AUC asset label of your digital computing asset, but do not keep this information with the digital computing asset. If it is lost or stolen, notify AUC Physical Security and the police, and inform the IT help/service desk immediately.
8. Outside office hours, digital computing assets that are left in the office must be properly closed and secured in a suitable locked cabinet within their place of work whenever applicable.
9. You must use approved encryption software on all AUC digital computing assets whenever applicable. Choose a long, strong encryption password/phrase and keep it secure. Contact the IT help/service desk for further information on digital computing asset encryption. If your digital computing asset is lost or stolen, encryption provides extremely strong protection against unauthorized access to the data.
10. You are personally accountable for all network and systems access under your user ID, so keep your password absolutely secret. Never share it with anyone, not even members of your family, friends, or IT staff.
11. University digital computing assets are provided for official use by authorized persons. Do not loan your digital computing asset or allow it to be used by others such as family and friends.
12. Do not store personal data on AUC assets; accidental access and storage can be acceptable.
13. Avoid leaving your digital computing asset unattended and logged on. Always shut down, log off, or activate a password-protected screensaver before walking away from the machine.
14. Malware is a major threat to AUC, and digital computing assets are particularly vulnerable if their anti-virus/anti-malware software is not kept up to date. The antivirus software MUST be updated at least weekly.
15. E-mail attachments are now the number one source of computer viruses. Avoid opening any e-mail attachment unless you were expecting to receive it from that person.
16. Always virus-scan any files downloaded to your digital computing asset from any source (CD/DVD, USB hard disks and memory sticks, network files, e-mail attachments or files from the Internet). Virus scans normally happen automatically, but the IT help/service desk can tell you how to initiate manual scans if you wish to be certain.
17. Report any security incidents (such as virus infections) promptly to the IT help/service desk to reduce the damage.
18. Respond immediately to any virus warning message on your computer, or if you suspect a virus (because of unusual file activity), by contacting the IT help desk. Do not forward any files or upload data onto the network if you suspect your PC might be infected.

19. Do not download, install, or use unauthorized software programs. Unauthorized software could introduce serious security vulnerabilities into AUC networks as well as affect the working condition of your digital computing asset.
20. Software packages that permit the computer to be remotely controlled (e.g., TeamViewer, pcAnywhere, etc.) and hacking tools (network sniffers, password crackers, etc.) are explicitly forbidden on AUC equipment unless they have been explicitly preauthorized by the Information Security Office for legitimate business purposes.
21. Be careful about software licenses. Most software, unless it is specifically identified as freeware or public domain software, may only be installed and/or used if the appropriate license fee has been paid.
22. Shareware or trial packages must be deleted or licensed by the end of the permitted free trial period.
23. You must ensure that you run regular backups of the data on your digital computing asset.
24. You need to ensure that backups are encrypted and physically secured.
25. AUC will not tolerate inappropriate materials such as pornographic, racist, defamatory, or harassing files, pictures, videos or e-mail messages that might cause offense or embarrassment. Never store, use, copy, or circulate such material on any digital computing asset, and steer clear of dubious websites.
26. If you receive inappropriate material by e-mail or other means, report it to the IT help desk or delete it immediately.
27. Portable digital computing assets normally have smaller keyboards, displays, and pointing devices that are less comfortable to use than desktop systems, increasing the chance of repetitive strain injury. Wherever possible, place the digital computing asset on a conventional desk or table and sit comfortably in an appropriate chair to use it.
28. If you tend to use the digital computing asset in an office most of the time, you are advised to use a docking station with a full-sized keyboard, a normal mouse, and a display permanently mounted at the correct height.

Related Information

AUC Data Governance Policy
Information Security Policy
Electronic Mail Email Policy
Acceptable Use Policy
Peer to Peer Sharing Policy
https://www.aucegypt.edu/about/university-policies

History/Revision Dates

Origination Date: January, 2016
Last Amended Date: February, 2018
Next Review Date: October, 2019