Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.
|
Vulnerability Assessment Policy
The first step in securing anything is to assess the risk. A Vulnerability Assessment is one aspect of an overall Risk Assessment that involves actively finding insecure systems. Due to this "actively finding" nature of Vulnerability Assessments, quite a bit of coordination, management support, and information gathering has to be completed. Where are you going to find this assistance? Policy, of course.
|
Policy on Instant Messaging
IM software may be used for direct communications between individual team members. For example, it may be used for working on particular tasks, to clarify issues when working on collaborative tasks, and to support team working. IM may be particularly suited for short-term tasks for which no archive is needed and other team members need not be involved, for example, arranging a meeting place.
|
Disposal of Computer Hard Drives Policy
Sanitization of hard drives is the process of removing sensitive information from storage media in a manner that gives assurance that the information cannot be recovered by keyboard or laboratory attack. Before the sanitization process begins, the computer should be disconnected from any external network to prevent accidental damage to the network operating system (OS) or other files on the network. In addition, when possible, users should audit the sanitizing process to ensure data is no longer retrievable. This means a knowledgeable person should witness the sanitization process and verify that the hard drive was sanitized.
|
Acceptable Encryption Policy
The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States.
|
Enclave Boundary Defense Policy
This policy presents the required administrative and technical steps to ensure secure communication among network enclaves within the Company network. Two guiding themes in Company's use of firewalls are Defense in Depth (DiD) and the Principle of Least Access.
|