The purpose of this statement of policy is to establish incident response protocols, disaster response protocols and methods for maintaining information assurance. This will outline procedures that are in accordance with legal and organizational regulation requirements and policies that will address any issues regarding information stored within the organization.
Incident Response Protocols
Unauthorized Facility Access:
If there is an unauthorized attempt to access the facility where the data files are kept, the MPs will be notified immediately.
All personnel will report to one central location for accountability of staff and access cards and keys.
All computers and files will be checked for any missing or copied data. …
Fire department will be notified immediately.
The IT Officer will notify the IT office to do a quick backup of the facility's data servers in case of total loss.
All data equipment and files will be checked after the fire is put out to determine loss.
Sprinkler Activation
The company IT Officer on duty or on call will be notified upon activation.
Once the source of activation is identified or eliminated, we will shut off the system and conduct a thorough analysis of all data systems and files.
The IT Officer will notify the IT office to do a quick backup of the facility's data servers in case of total loss.
Justification of Disaster Response Protocols
These protocols are in place to ensure that, even in a disaster, data is safe and recoverable. If there is a need to replace the network equipment, the data has been secured at an offsite location for data restore. The company IT Officer is the point man who ensures the IT office is aware of the situation and takes the steps outlined in documented procedures.
Access Control Protocols
IT Office
Personnel in the IT Office have Super User permissions to log into any system on the network.
They require for …
The review of policies and procedures is to ensure that they are up to date with the latest assurance plan. The policies and procedures are what govern how data is handled.
Security training briefs are administered to newcomers and old employees. The briefs are to educate the users on how to handle the information they come across on a daily basis. The quarterly brief is just to ensure the user is still aware of the current information assurance plan and to update them on any changes.
Testing security implementations such as logins and passwords, and permission schedules and tables, ensures that all security measures are working as configured.
Ensuring old logins are removed from the system ensures not only system integrity but information integrity as well. Old logins, if found, can be used to access the network and any information stored on it.
Logins and passwords are like house keys. Give the wrong person the right keys and they can walk into your house with no issue. The logins have to have the correct permissions to access information, because if you give someone too high a permission they may access information that they were not supposed to.