Professional Documents
Culture Documents
Company Name
April 2010 FEU East Asia College For Internal Use Only
Introduction Provide a brief discussion of the Security Policy of the organization. Explain the purpose of the Security Policy creation.
Table of Contents Introduction Table of Contents I. COMPANY INFORMATION A. Company History B. Company Description C. Nature of Business D. Organizational Chart II. SYSTEM INFORMATION A. Domain Information B. Active Directory Structure C. Organizational Units D. Number of Users per Organizational Unit E. User Accounts III. NETWORK INFORMATION A. Logical Topology B. Type of WAN Connection C. IP Addressing Scheme D. Equipment List E. Router Configuration IV. CONTROL DELEGATION A. Assignment of Security Control Responsibility Matrix B. Security Groups C. Security Control Tasks and Permission V. GROUP POLICY A. Default Domain Policy B. Group Policies Executive Office GPO HR GPO Students GPO and so on
VI. SECURITY POLICY A. Computer Security Acceptable Use Policy Acceptable Encryption Policy User Encryption Key Protection Policy Password Policy Database Password Policy Software Installation Policy Computer Disaster Recovery Plan Policy B. Desktop Security Policy Clean Desk Policy Social Engineering Awareness Policy C. E-mail Security Policy E-mail Use Policy Automatically Forwarded E-mail Policy E-mail Retention Policy D. Internet Security Policy Internet Usage Policy Remote Access Tools Usage Policy Lab Anti-Virus Policy E. Mobile Security Policy Mobile Device Encryption Policy Mobile Access Policy F. Network Security Policy Router Security Policy Remote Access Policy Virtual Private Network (VPN) Policy G. Physical Security Policy Visitor and Contractor Premise Access Policy H. Server Security Policy Server Security Policy Server Malware Protection Policy
Removable Media Policy I. Wireless Security Policy Wireless Communication Policy VII. COMPUTER INCIDENT RESPONSE TEAM (CIRT) A. Overview B. Purpose C. Duties and Responsibilities D. Scope E. Members VIII. INCIDENT HANDLING FORMS A. Incident Communication Log B. Incident Contact List C. Incident Containment D. Incident Eradication F. Incident Identification G. Incident Survey
B. Company Description
C. Nature of Business
D. Organizational Chart
C. Organizational Units
E. User Accounts
C. IP Addressing Scheme Network/Subnet Address Server IP Address Subnet Mask Default Gateway DNS Server Address HR Employee Name OU Head Employee1-10 Reserved And so on D. Equipment List Device Router Switch Firewall Server Access Point Desktop Laptop Network Printer etc E. Router Configuration Quantity Brand Model Purpose Placement : 172.16.8.0/21 : 172.16.23.200 : 255.255.248 : 172.16.23.250 : 172.16.23.200 IP Address 172.16.18.101 172.16.18.102 - 172.16.18.111 172.16.18.112 - 172.16.18.120 Subnet Mask 255.255.248 255.255.248 255.255.248 Default Gateway 172.16.23.250 172.16.23.250 172.16.23.250
CONTROL DELEGATION A. Assignment of Security Control Responsibility Matrix Name Account Name Security Group Administrators Domain Admins Domain Controller Group Policy Creator Owners : : and so on Administrators Group Policy Creator Owners Account Operators Responsibility
Alex T. Parchamento
atparchamento
John T. Smith jtsmith Leo E. Tria letria Juan D. Cruz jdcruz : And so on Note: I should see your names here. B. Security Groups Security Group Administrators Domain Admins Group Policy Creator Owners Account Operators : And so on
Name Alex T. Parchamento John T. Smith Alex T. Parchamento Alex T. Parchamento Leo E. Tria Juan D. Cruz
C. Security Control Tasks and Permission Tasks Implementor Create, delete, and manage Alex T. Parchamento user accounts Juan D. Cruz Reset user passwords and force password change at next logon Create All Child Objects Read All Properties : And so on Object User Computer
GROUP POLICY
10
A. Default Domain Policy Scope Link Security Filtering Details Domain Owner Created Modified Unique ID GPO Status Settings Hierarchy Computer Configuration (Enabled) Policies Windows Settings Security Settings Account Policies / Password Policy Policy Enforce password history : : And so on Setting 24 password remembered : : And so on feu-eac.edu.ph Authenticated User
Computer Configuration (Enabled) And so on Policies Windows Settings Security Settings Account Policies / Account Lockout Policy : : And so on Delegation Name Allowed Permissions
And so on
Inherited
11
B. Group Policies Executive Office GPO This GPO is link to the EO OU which will cover all authenticated users. <brief description of the GPO in 2 sentences or more> Scope Link Security Filtering Details Domain Owner Created Modified Unique ID GPO Status Settings Hierarchy User Configuration (Enabled) Policies Administrative Templates Policy Force classic Control Panel View Hide the Program Control Panel Setting Enabled Enabled Enabled Enabled Enabled feu-eac.edu.ph Authenticated User
Password protect the screen saver System/Ctrl+Alt+Del Remove Lock Computer Options Remove Change Password : : User Configuration (Enabled) Policies Administrative Templates : And so on And so on And so on And so on And so on
And so on And so on
12
Delegation Name Alex Parchamento : : And so on HR GPO ITE GPO Students GPO : : and so on
Inherited No
Note: All GPOs should be stated here and must be the same in the Group Policy Objects of Group Policy Management of the server. Remember that GPOs depend on user types and OUs. Therefore, a GPO may be unique.
13
SECURITY POLICY
<Note: You have to create your own. Use only the attachments as references>
14
A. Computer Security
15
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definition
16
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
17
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
18
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
19
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
20
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
21
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
22
B.
Desktop Policy
Security
23
24
25
<You do the rest> C. E-mail Security Policy E-mail Use Policy Automatically Forwarded E-mail Policy E-mail Retention Policy D. Internet Security Policy Internet Usage Policy Remote Access Tools Usage Policy Lab Anti-Virus Policy E. Mobile Security Policy Mobile Device Encryption Policy Mobile Access Policy F. Network Security Policy Router Security Policy Remote Access Policy Virtual Private Network (VPN) Policy G. Physical Security Policy Visitor and Contractor Premise Access Policy H. Server Security Policy Server Security Policy Server Malware Protection Policy Removable Media Policy I. Wireless Security Policy Wireless Communication Policy
26
D. Scope
E. Members
27
28
29
30
Incident Containment
31
Incident Eradication
32
Incident Identification
33
Incident Survey
34