Design a network security policy for a small organization (D2)
ADA IT Services – Security Policy
User-group: Executive Directors, Corporation – Audit Committee, Auditors, Managers, I.T. Services
Staff, Personnel, Staff Development, Registry.
Category: Information Technology
Last Modified: May 2017
Review Date: November 2018
Approved By: Executive
Author: Insert your name here, ADA Services Manager
Contact Person: Insert your name here, ADA Services Manager
Person Responsible: Imran Khan, Director of Corporate Services: Directorate
ADA Goal Statement: “To ensure everyone everywhere knows what the security policy is
when it comes to information technology and achieve their potential through this.”
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,EXECUTIVE SUMMARY: Our security policy for information technology explains the ways of
security when it comes to information technology. Both physically and virtually. Our information
about security is basically an index for security when it comes to information technology.
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,ADA SECURITY POLICY
Contents
1 Physical Security.................................................................................................................................5
1.1 CCTV................................................................................................................................................5
1.2 Good locks.......................................................................................................................................5
1.3 Bio metrics.......................................................................................................................................5
1.4 Security guards................................................................................................................................6
1.5 Fire extinguishers & sprinkler system..............................................................................................6
1.6 Flooding...........................................................................................................................................6
1.7 Bars on vulnerable parts of a building.............................................................................................6
1.8 Intrusion detection system .............................................................................................................6
1.9 Staff and visitor identification..........................................................................................................6
1.10 Access control (sign in/out) systems..............................................................................................6
1.11 Port Locking (USB).........................................................................................................................7
1.12 Cable shielding...............................................................................................................................7
2 Network security................................................................................................................................7
2.1 Network Operations........................................................................................................................7
2.2 Encryption keys................................................................................................................................7
2.3 Call back...........................................................................................................................................8
2.4 Handshaking....................................................................................................................................8
2.5 Diskless workstation........................................................................................................................8
2.6 Use of backups.................................................................................................................................8
2.7 Audit logs.........................................................................................................................................8
2.8 Firewall............................................................................................................................................8
2.9 Virus checking software...................................................................................................................9
2.10 Virtual private network..................................................................................................................9
2.11 Intruder detection systems............................................................................................................9
2.12 Passwords......................................................................................................................................9
2.13 Levels of access to data................................................................................................................10
2.14 Software updating.......................................................................................................................10
3 Disaster recovery..............................................................................................................................10
3.1 Back-ups stick................................................................................................................................10
3.2 Restore Points................................................................................................................................11
3.3 Imaging..........................................................................................................................................11
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,4 Encryption.........................................................................................................................................11
4.1 Private Key.....................................................................................................................................11
4.2 RSA.................................................................................................................................................11
4.3 Public key.......................................................................................................................................12
4.4 Triple Bolt Lock..............................................................................................................................12
4.5 Double Bolt Lock............................................................................................................................12
4.6 Single Bolt Lock..............................................................................................................................12
5 Policy and guidelines for IT security issues.......................................................................................12
5.1 Disaster recovery policies..............................................................................................................12
5.2 Updating security procedures........................................................................................................13
5.3 Scheduling of security audits.........................................................................................................13
5.4 Codes of conduct...........................................................................................................................13
5.5 Surveillance policies.......................................................................................................................13
5.6 Risk Management..........................................................................................................................14
5.7 Budget setting................................................................................................................................14
6 Employment contracts which can affect security.............................................................................14
6.1 Hiring policy...................................................................................................................................14
6.2 Separation of obligations...............................................................................................................15
6.3 Ensuring compliance involving disciplinary procedures.................................................................15
6.4 Training and communication with staff as their responsibilities....................................................16
6.5 How we can use staff employment contracts and company codes of conduct to help keep our
systems secure....................................................................................................................................16
7 laws related to security and privacy of data.....................................................................................17
7.1 Data Protection Act (1998)............................................................................................................17
7.2 Computer Misuse Act (1990).........................................................................................................17
7.3 Freedom of Information Act (2000)...............................................................................................17
7.4 Copyright Legislation (1998)..........................................................................................................18
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
, 1 Physical Security
1.1 CCTV
CCTV which stands for closed-circuit television can be installed in good hiding positions to
put off any hackers or thieves and prevent them from doing anything dodgy and will help
keep the systems secure.
1.2 Good locks
The lock and key security and good use of high quality locks on doors and entrances into any
organisations buildings. Locks can also have passkeys associated with them making them
even more secure then they usually are.
1.3 Bio metrics
Bio metric security is a security used to authenticate and give access to a facility or system
based retinal scanning, voice and fingerprint technology. Because bio metric security takes a
scan at someone bodily features or biological data, it is the strongest and most fool proof
physical security technique used for identity verification. Making it very good for keeping
systems secure.
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
ADA IT Services – Security Policy
User-group: Executive Directors, Corporation – Audit Committee, Auditors, Managers, I.T. Services
Staff, Personnel, Staff Development, Registry.
Category: Information Technology
Last Modified: May 2017
Review Date: November 2018
Approved By: Executive
Author: Insert your name here, ADA Services Manager
Contact Person: Insert your name here, ADA Services Manager
Person Responsible: Imran Khan, Director of Corporate Services: Directorate
ADA Goal Statement: “To ensure everyone everywhere knows what the security policy is
when it comes to information technology and achieve their potential through this.”
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,EXECUTIVE SUMMARY: Our security policy for information technology explains the ways of
security when it comes to information technology. Both physically and virtually. Our information
about security is basically an index for security when it comes to information technology.
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,ADA SECURITY POLICY
Contents
1 Physical Security.................................................................................................................................5
1.1 CCTV................................................................................................................................................5
1.2 Good locks.......................................................................................................................................5
1.3 Bio metrics.......................................................................................................................................5
1.4 Security guards................................................................................................................................6
1.5 Fire extinguishers & sprinkler system..............................................................................................6
1.6 Flooding...........................................................................................................................................6
1.7 Bars on vulnerable parts of a building.............................................................................................6
1.8 Intrusion detection system .............................................................................................................6
1.9 Staff and visitor identification..........................................................................................................6
1.10 Access control (sign in/out) systems..............................................................................................6
1.11 Port Locking (USB).........................................................................................................................7
1.12 Cable shielding...............................................................................................................................7
2 Network security................................................................................................................................7
2.1 Network Operations........................................................................................................................7
2.2 Encryption keys................................................................................................................................7
2.3 Call back...........................................................................................................................................8
2.4 Handshaking....................................................................................................................................8
2.5 Diskless workstation........................................................................................................................8
2.6 Use of backups.................................................................................................................................8
2.7 Audit logs.........................................................................................................................................8
2.8 Firewall............................................................................................................................................8
2.9 Virus checking software...................................................................................................................9
2.10 Virtual private network..................................................................................................................9
2.11 Intruder detection systems............................................................................................................9
2.12 Passwords......................................................................................................................................9
2.13 Levels of access to data................................................................................................................10
2.14 Software updating.......................................................................................................................10
3 Disaster recovery..............................................................................................................................10
3.1 Back-ups stick................................................................................................................................10
3.2 Restore Points................................................................................................................................11
3.3 Imaging..........................................................................................................................................11
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
,4 Encryption.........................................................................................................................................11
4.1 Private Key.....................................................................................................................................11
4.2 RSA.................................................................................................................................................11
4.3 Public key.......................................................................................................................................12
4.4 Triple Bolt Lock..............................................................................................................................12
4.5 Double Bolt Lock............................................................................................................................12
4.6 Single Bolt Lock..............................................................................................................................12
5 Policy and guidelines for IT security issues.......................................................................................12
5.1 Disaster recovery policies..............................................................................................................12
5.2 Updating security procedures........................................................................................................13
5.3 Scheduling of security audits.........................................................................................................13
5.4 Codes of conduct...........................................................................................................................13
5.5 Surveillance policies.......................................................................................................................13
5.6 Risk Management..........................................................................................................................14
5.7 Budget setting................................................................................................................................14
6 Employment contracts which can affect security.............................................................................14
6.1 Hiring policy...................................................................................................................................14
6.2 Separation of obligations...............................................................................................................15
6.3 Ensuring compliance involving disciplinary procedures.................................................................15
6.4 Training and communication with staff as their responsibilities....................................................16
6.5 How we can use staff employment contracts and company codes of conduct to help keep our
systems secure....................................................................................................................................16
7 laws related to security and privacy of data.....................................................................................17
7.1 Data Protection Act (1998)............................................................................................................17
7.2 Computer Misuse Act (1990).........................................................................................................17
7.3 Freedom of Information Act (2000)...............................................................................................17
7.4 Copyright Legislation (1998)..........................................................................................................18
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
, 1 Physical Security
1.1 CCTV
CCTV which stands for closed-circuit television can be installed in good hiding positions to
put off any hackers or thieves and prevent them from doing anything dodgy and will help
keep the systems secure.
1.2 Good locks
The lock and key security and good use of high quality locks on doors and entrances into any
organisations buildings. Locks can also have passkeys associated with them making them
even more secure then they usually are.
1.3 Bio metrics
Bio metric security is a security used to authenticate and give access to a facility or system
based retinal scanning, voice and fingerprint technology. Because bio metric security takes a
scan at someone bodily features or biological data, it is the strongest and most fool proof
physical security technique used for identity verification. Making it very good for keeping
systems secure.
Policy Title: Security Policy for IT
Author: Insert your name here
Updated May 2017
Due for Review November 2018
