Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology."— Presentation transcript:

1 ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology Services office

2 ITS Offsite Workshop 2002 PolyU Systems Security Policy Importance of IT Security Recommendation from auditors PolyU Systems Security Policy by ITS Endorsement of the Policy by ITSC Policy and Guidelines on Web

3

4 ITS Offsite Workshop 2002 PolyU Systems Security Policy Physical Security Campus Network and Internet Security Operating System Security Application System Security Personal Computer Security Backup and Recovery

5 ITS Offsite Workshop 2002 Physical Security Equipment housed in safe environment Access control to computer room Equipment installed in open areas should be attended or fixed

6 ITS Offsite Workshop 2002 Physical Security (Cont’d) Proper electrical power protection should be employed, e.g. surge protector, UPS Food, liquid or powdery substances should be keep away from equipment University’s health and safety requirements should be observed

7 ITS Offsite Workshop 2002 Campus Network and Internet Security Security procedures against intrusion should be implemented and maintained Network management and security monitoring should be performed Security control mechanisms should be documented

8 ITS Offsite Workshop 2002 Campus Network and Internet Security (Cont’d) Proper protection mechanisms should be implemented Non PolyU equipment and external links should not be connected to campus network HARNET Acceptable Use Policy should be observed (URL: http://www.jucc.edu.hk/jucc/haup.htm)

9 ITS Offsite Workshop 2002 Operating Systems Security Update list of system administrators Scanning programs to detect security bugs Latest system and security patches should be adopted All accounts should be protected by ‘good’ password and changed regularly

10 ITS Offsite Workshop 2002 Operating Systems Security (Cont’d) Passwords should not be disclosed to others Passwords should not be stored or transmitted in plain text form Users should report security violation to system administrator Accounting, auditing and logging facilities should be adopted for audit trails

11 ITS Offsite Workshop 2002 Application Systems Security System owner must determine security level required for various kinds of data Only authorised users are allowed to access system and data Production data or files must only be used on production systems

12 ITS Offsite Workshop 2002 Application Systems Security (Cont’d) Confidential data should be protected by passwords Passwords should not be written down or shared with others, standards on password length, format and frequency of change should be enforced Effective data encryption techniques should be used for storing highly confidential information

13 ITS Offsite Workshop 2002 Application Systems Security (Cont’d) Changes to production programs should be authorised, controlled and recorded, timestamps, logs and audit trails must be employed Software developers must not access production data without prior approval of system owners

14 ITS Offsite Workshop 2002 Personal Computer Security Access to standalone and networked personal computer equipment and resources should be restricted to authorised users only Data and programs should be backed up regularly

15 ITS Offsite Workshop 2002 Personal Computer Security (Cont’d) Preventive and detective measures should be enforced to minimise damages caused by computer viruses Only licensed software should be used Security problems should be reported to system administrators promptly

16 ITS Offsite Workshop 2002 Backup and Recovery System owners must determine their backup requirements Backup and restoration should be performed by authorised personnel only Backed up should be performed periodically on a transportable media and stored appropriately (onsite or offsite)

17 ITS Offsite Workshop 2002 Backup and Recovery (Cont’d) Backup and restoration procedures should be test and review regularly Disaster Recovery Plan for mission critical systems should be in place and periodical drilling is required

18 ITS Offsite Workshop 2002 IT Security Guidelines Physical Security Campus Network and Internet Security Firewall Security Remote Access Security Proxy Server Security Personal Computer Security

19 ITS Offsite Workshop 2002 IT Security Guidelines (Cont’d) UNIX System Security Web Server Security Novell NetWare and GroupWise Systems Security Student Computing Cluster Security E-mail System Security PolyU Administrative Computer Systems Security

20 ITS Offsite Workshop 2002 Recommendations of Auditor Establish the Internet/Intranet Security Policy with the following contents: What services are allowed User access and privileges Policies for managing web pages Procedures for ensuring no alternate access paths to Internet University’s response to security violation User signing internet usage agreement

21 ITS Offsite Workshop 2002 Recommendations of Auditor (Cont’d) Establish the Internet/Intranet Security Policy with the following contents (cont’d): Enforcing password requirements Management of increased network traffic resulting from Internet use Hardware, software and client applications Client configuration Frequency of security audit Independent internet assessment

22 ITS Offsite Workshop 2002 Recommendations of Auditor (Cont’d) Establish Security Procedures for: Granting of users’ access rights Monitoring of users with administrative rights on IS Guidelines on data encryption Computer security policy training and distribution

23 ITS Offsite Workshop 2002 Recommendations of Auditor (Cont’d) Establish Security Procedures for: Virus protection policy Promote proper usage of internet Sharing of user accounts User accounts housekeeping Utilizing networking scanning tools E-mail virus protection

24 ITS Offsite Workshop 2002 Recommendations of Auditor (Cont’d) Establish Security Procedures for: Door-entry control system Automatic directory listing Banners Vulnerable services World-writeable files System logging

25 ITS Offsite Workshop 2002 Some Security Tips Always apply security patch on OS and service Remove unnecessary services Review and change default settings Implement a personal firewall Apply encryption on sensitive data Enable auditing & review log

26 ITS Offsite Workshop 2002 Thank you!

Download ppt "ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Information Security Policies and Standards

Information Security Policies and Standards
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Network security policy: best practices

Network security policy: best practices
Security Guidelines and Management

Security Guidelines and Management
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Protecting ICT Systems

Protecting ICT Systems
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Similar presentations

Ads by Google