I accept my obligations and the set of 21st-century technological challenges that I have been hired to undertake. The greatest benefit of being the architect of GDI's security policies is my responsibility to provide leadership, respect and knowledge to the best of my ability in creating the policies that will protect Global Distribution Inc., implementing cutting-edge policies.

Current Network Configuration

As Global Distribution Inc. continues to grow, GDI must pay close attention to ensure that the assets it acquires are properly secured at every level.
From an information technology perspective, the assets of interest include the 81 remote facilities or warehouses, each of which connects over a Wide Area Network (WAN) to the central data processing facility. Each remote facility is equipped with its own network infrastructure, including a central switch, a workgroup server, workstations and a frame relay connection to the central data processing area through a simple CSU/DSU device connection. The central data processing area houses the IBM 390 application mainframe units and the utility micro servers upon which the entire business is reliant.
The central data processing facility also provides those who work within that facility with wireless networking access through 802.11g access points. The entire company accesses the Internet through a proxy server and public network router that reside at the central data processing facility as the only barrier between the whole company and the World Wide Web. The company's Internet-facing FTP/ESMTP bridgehead server is installed at the central data processing location to provide mapped EDI file transfer service for all customers and suppliers.
The EDI files that are housed on the FTP/ESMTP bridgehead file server are just one of many valuable digital information assets used and stored by the company. Information traveling to and from the central data processing facility is also a critical asset, as are the emails housed on the FTP/ESMTP bridgehead server. In addition, the IBM 390 and utility micro servers store information on products, customers, business processes, suppliers, marketing, sales and finance that is critical to the stability of the company.
If these assets were damaged, lost or stolen, the consequences would be publicly embarrassing for the company and its officers and quite possibly devastating, in some cases even beyond the point of recovery due to loss of credibility with clients and suppliers. The assets described above would prove extremely valuable to competitors if in their possession, and their loss would cause severe harm to Global Distribution Inc. At a time when GDI is growing rapidly, it is extremely important to ensure that the company's most valuable information assets are secure from corporate espionage as well as malicious cyber attackers on the Internet.
The company must perform the necessary tasks to ensure that information availability, confidentiality and integrity are properly protected.

12 Policies

Web Server Security Policy

Establishes standards for the base configuration of internal server equipment owned and operated by Global Distribution Incorporated. This policy applies to server equipment owned and/or operated by GDI, and to servers registered under any GDI-owned internal network domain. Effective implementation of this policy will lessen unauthorized access to GDI proprietary information and technology.
The policy covers general configuration guidelines, monitoring, compliance and enforcement.

Information Classification Security Policy

Assists employees in determining the relative sensitivity of information used by GDI and how this information should be treated and disclosed to other GDI employees and other parties. Information that is stored or shared by any means is marked in alignment with this policy. This includes electronic information, information on paper, and information shared visually or verbally (video conferencing, telephone and whiteboards).

Acceptable Use Policy

Outlines the acceptable use of computer equipment at Global Distribution Incorporated. These policy rules are to protect the user and, most importantly, GDI. Inappropriate use potentially exposes GDI to risks including virus attacks, compromise of network systems and services, and legal issues. For this policy to reach its fullest potential, effective security must be a team effort that involves the participation and support of every user and affiliate who has access to information and/or information systems.
It is the computer user's responsibility to know these guidelines and to conduct their activities accordingly.

Minimum Access Policy

This policy is to ensure the security of the entire Global Distribution Incorporated, including the network and the data that resides within it. This policy identifies the standards on the physical network in public and Access Card areas for wired and wireless network ports and their connections throughout all owned and operated Global Distribution Incorporated facilities connected to the Global Distribution Incorporated network.
This policy defines port access standards for all wireless and wired network data ports within any Global Distribution Inc. owned or operated facility. These standards will minimize the potential exposure to risk of the loss of (or damage to) sensitive or company confidential data, intellectual property and company image, which might result from the unauthorized use of Global Distribution Inc. resources. It includes all public access areas such as internal rooms, office arrogations, lobbies, cafeterias and customer service areas, as well as desktop standards, guest access, and wired and non-wired ports.

Physical Security

Establishes rules for the proper use of handheld devices in corporate environments in order to protect the confidentiality of sensitive data, the integrity of data and applications, and the availability of services at Global Distribution Incorporated, while protecting both handheld devices and their users, as well as corporate assets (confidentiality and integrity) and continuity of the business. The policy includes handheld devices, Pocket PCs and smartphones.

Extranet Policy

Describes the policy under which third-party organizations connect to Global Distribution Inc. networks for the purpose of transacting all business relative to Global Distribution Inc. This specific policy entails a security review, business case, third-party connection agreement, point of contact, establishing connectivity, modifying or changing connectivity and access, and terminating access.

Wireless Policy

The focus of this specific policy is to protect and secure information assets owned by Global Distribution Inc.
GDI grants access to these resources as a privilege, and it is imperative to manage them accordingly to maintain the integrity, confidentiality and availability of all information assets. There are conditions that wireless infrastructure devices must satisfy to connect to the GDI network. The wireless infrastructure devices that meet the GDI standards specified in this policy will be allowed access by the Information Security Department and are approved for connectivity to a GDI network. This policy includes, but is not limited to, desktops, laptops, cellular phones and personal digital assistants. This includes any form of wireless communication device that is capable of transmitting packet data.

Email Security Policy

This policy is to protect the public image of Global Distribution Inc. Any email that is transmitted out from GDI will generally be viewed as an official policy statement. The GDI email system shall not be used at any time for the creation or distribution of any disruptive or offensive messages, including language that is considered offensive by either the forwarding or receiving parties.
Any emails that violate the terms set forth by GDI should be reported immediately to the employee's supervisor.

Remote Access

This policy is to define Global Distribution Inc. standards for connecting to GDI's network from any host. Any GDI-owned or personally owned computer used to connect to the GDI network by employees, vendors, contractors and agents must adhere to this policy. It applies to any connection used to do work on behalf of GDI, including reading or sending email and viewing intranet web resources.

Risk Assessment Policy

Risk assessments can be conducted on any entity within Global Distribution Inc. or any outside entity that has signed a Third Party Agreement with Global Distribution Inc. Specific requirements will entail performing periodic information security risk assessments for the purpose of determining areas of vulnerability, and to initiate appropriate remediation. InfoSec and the department are accountable for the systems area being assessed. Employees are expected to cooperate fully with any risk assessment being conducted on a system for which they are held responsible.
Employees are further expected to work with the InfoSec Risk Assessment Team in the development of all remediation plans.

Network Security Policy

Requires a minimal security configuration for all network routers and switches connecting to an active network or used in a production capacity at or on behalf of Global Distribution Inc. All routers and switches connected to GDI production networks are affected. Routers and switches within internal, secured labs are not affected. Network routers and switches within DMZ areas will fall under the web DMZ Equipment Policy.
All network routers must meet the following configuration standards. No local accounts are configured on the network router. The password must be kept in a secure, encrypted form. The following must be disabled: IP directed broadcasts; TCP small services; UDP small services; all source routing; all web services running on the router; and auto-configuration. The following are also disabled except for business reasons: Cisco Discovery Protocol and other discovery protocols; dynamic trunking; and scripting environments, such as the TCL shell. The following must be configured: password-encryption, and NTP configured to a corporate standard source. The router must use corporate standardized SNMP community strings. Default strings, public or private, must be removed. SNMP must be configured to use the most secure version of the protocol allowed for by the combination of the device and management systems. Access control lists must be used to limit the source and type of traffic that can terminate on the device itself. Access control lists for transiting the device are to be added as business needs arise. The network router must be included in the corporate enterprise management system with a designated point of contact.
All network routers must have the following statement presented for all forms of login, whether remote or local: "All persons must have explicit permission to access or configure this device. All activities performed on this device may be logged, and violations of this policy may result in disciplinary action, and may be reported to law enforcement. There is no right to privacy on this device. Use of this system will constitute consent to monitoring." Telnet can never be used across any network to manage a router, unless there is a secure tunnel protecting the entire communication path.
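
One way to check a router against the configuration standards listed above is to audit its saved configuration text. The following is an added example, not part of the original policy document; it assumes Cisco IOS-style command names, and the hostname, addresses and sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config; IOS-style syntax is assumed, not from the page.
SAMPLE_CONFIG = """\
hostname wh-rtr-01
service tcp-small-servers
no service udp-small-servers
username admin secret 5 $1$constructed
ip http server
no ip source-route
snmp-server community public RO
ntp server 192.0.2.10
interface Serial0/0
 ip directed-broadcast
line vty 0 4
 transport input telnet ssh
"""

# Must be absent. Patterns anchor at line start, so "no <command>" never matches.
FORBIDDEN = [
    ("local account configured", r"username \S+"),
    ("IP directed broadcasts enabled", r"ip directed-broadcast"),
    ("TCP small services enabled", r"service tcp-small-servers"),
    ("UDP small services enabled", r"service udp-small-servers"),
    ("source routing enabled", r"ip source-route"),
    ("web service running on router", r"ip http (secure-)?server"),
    ("default SNMP community string", r"snmp-server community (public|private)\b"),
    ("Telnet management allowed", r"transport input (all|.*\btelnet\b)"),
]
# Must be present.
REQUIRED = [
    ("password-encryption not configured", r"service password-encryption"),
    ("no NTP source configured", r"ntp server \S+"),
    ("no login banner", r"banner login"),
]

def audit(config: str) -> list[str]:
    """Return policy findings for one running-config, in rule order."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [name for name, pat in FORBIDDEN
                if any(re.match(pat, ln) for ln in lines)]
    findings += [name for name, pat in REQUIRED
                 if not any(re.match(pat, ln) for ln in lines)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

The audit only sees lines that are explicitly present, so a feature that is enabled by default and omitted from the saved text is not detected. The Telnet finding marks a device for review against the secure-tunnel exception rather than proving a violation.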