This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks. This standard also addresses requirements associated with the ongoing monitoring, management, and review activity associated with maintaining network security once the network design has been realized. Due care must be taken to adhere to the requirements set forth in this document, as it aims to protect the reputation of Company and prevent the unauthorized disclosure of Internal and Confidential information. The term “risk assessment,” as used throughout this standard, refers collectively to the standardized IT Risk processes set forth and implemented within Company to analyze risk in order to facilitate risk decision making.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. RESTRICTED ACCESS TO THE NETWORK
3.1 AUTHORIZATION PROCESS
3.2 IDENTIFICATION OF UNAUTHORIZED NETWORK DEVICES
4. NETWORK ARCHITECTURE AND CONFIGURATION CONTROLS
4.1 TRUST LEVELS AND ESTABLISHMENT OF NETWORK ZONES
4.2 NETWORK SEGREGATION
4.3 PREVENTION OF UNAUTHORIZED CONNECTION WITH UNTRUSTED NETWORKS
4.4 PATH RESTRICTIONS
4.5 USE OF ROUTING PROTOCOLS WITH UNTRUSTED NETWORKS
4.6 SECURITY CONTROL DEVICE FAILURE
4.7 MALWARE SCANNING AND CONTENT BLOCKING
4.8 LIMITATION OF SERVICES
4.9 TUNNELS
4.10 PREVENTING LEAKAGE OF NETWORK INFORMATION
5. NETWORK MANAGEMENT CONTROLS
5.1 NETWORK CONNECTIONS WITH UNTRUSTED NETWORKS
5.2 USE OF STANDARD CONVENTIONS FOR NETWORK SECURITY CONTROL DEVICE CONFIGURATION
5.3 CONFIGURATION CHANGES TO NETWORK SECURITY CONTROL DEVICES
5.4 THIRD PARTY MANAGED NETWORKS
5.5 INVENTORY OF NETWORK INFORMATION
5.6 PERIODIC REVIEW
5.7 INCIDENT AND PROBLEM MANAGEMENT
5.8 CONTROLLED ACCESS TO NETWORK INFORMATION
5.9 AUTHORIZATION TO AVAILABLE SERVICES
6. NETWORK ACCESS CONTROL
6.1 AUTHENTICATION AT THE NETWORK PERIMETER
6.2 REMOTE ACCESS TO COMPANY NETWORKS AND RESOURCES
6.3 PROTECTION AND USE OF NETWORK MANAGEMENT SERVICES
6.4 THIRD-PARTY REMOTE SUPPORT RESTRICTIONS
6.5 LIMITATION OF CONNECTION TIME
7. PROTECTING THE CONFIDENTIALITY OF NETWORK TRAFFIC
8. MONITORING
8.1 AUDIT LOGGING
8.2 INTRUSION DETECTION
9. SECURE CONFIGURATION OF NETWORK DEVICES
9.1 HARDENING OF NETWORK DEVICES
9.2 MAINTAINING SECURITY OF REMOTE ACCESS SOLUTIONS
9.3 VULNERABILITY MANAGEMENT
10. COMPLIANCE
11. EXCEPTIONS
12. FINAL CONSIDERATIONS
12.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
12.2 DOCUMENT REVISION
Pages: 29
This bundle contains all the products listed in the Operations Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of the Incidents and Problems Management Procedure is to describe general steps for incident and problem management regardless of the system and technology platform used.
The Public Cloud Security Standard (the Standard) establishes security requirements and controls to maintain the Confidentiality, integrity, and availability of the Company’s data in the public cloud.
Review Network Security Standard.
You must be logged in to post a review.