
SECURITY POLICY DOCUMENT

Company Name

Company's Address
Company's Website

Name of Team Members

April 2010
FEU East Asia College
For Internal Use Only

Introduction

Provide a brief discussion of the Security Policy of the organization. Explain the purpose of the Security Policy creation.

Table of Contents

Introduction
Table of Contents
I. COMPANY INFORMATION
   A. Company History
   B. Company Description
   C. Nature of Business
   D. Organizational Chart
II. SYSTEM INFORMATION
   A. Domain Information
   B. Active Directory Structure
   C. Organizational Units
   D. Number of Users per Organizational Unit
   E. User Accounts
III. NETWORK INFORMATION
   A. Logical Topology
   B. Type of WAN Connection
   C. IP Addressing Scheme
   D. Equipment List
   E. Router Configuration
IV. CONTROL DELEGATION
   A. Assignment of Security Control Responsibility Matrix
   B. Security Groups
   C. Security Control Tasks and Permission
V. GROUP POLICY
   A. Default Domain Policy
   B. Group Policies
      Executive Office GPO
      HR GPO
      Students GPO
      and so on
VI. SECURITY POLICY
   A. Computer Security
      Acceptable Use Policy
      Acceptable Encryption Policy
      User Encryption Key Protection Policy
      Password Policy
      Database Password Policy
      Software Installation Policy
      Computer Disaster Recovery Plan Policy
   B. Desktop Security Policy
      Clean Desk Policy
      Social Engineering Awareness Policy
   C. E-mail Security Policy
      E-mail Use Policy
      Automatically Forwarded E-mail Policy
      E-mail Retention Policy
   D. Internet Security Policy
      Internet Usage Policy
      Remote Access Tools Usage Policy
      Lab Anti-Virus Policy
   E. Mobile Security Policy
      Mobile Device Encryption Policy
      Mobile Access Policy
   F. Network Security Policy
      Router Security Policy
      Remote Access Policy
      Virtual Private Network (VPN) Policy
   G. Physical Security Policy
      Visitor and Contractor Premise Access Policy
   H. Server Security Policy
      Server Security Policy
      Server Malware Protection Policy
      Removable Media Policy
   I. Wireless Security Policy
      Wireless Communication Policy
VII. COMPUTER INCIDENT RESPONSE TEAM (CIRT)
   A. Overview
   B. Purpose
   C. Duties and Responsibilities
   D. Scope
   E. Members
VIII. INCIDENT HANDLING FORMS
   A. Incident Communication Log
   B. Incident Contact List
   C. Incident Containment
   D. Incident Eradication
   E. Incident Identification
   F. Incident Survey

I. COMPANY INFORMATION

A. Company History

B. Company Description

C. Nature of Business

D. Organizational Chart

II. SYSTEM INFORMATION

A. Domain Information

B. Active Directory Structure

C. Organizational Units

D. Number of Users per Organizational Unit

E. User Accounts

III. NETWORK INFORMATION

A. Logical Topology

B. Type of WAN Connection

C. IP Addressing Scheme

Network/Subnet Address : 172.16.8.0/21
Server IP Address      : 172.16.23.200
Subnet Mask            : 255.255.248.0
Default Gateway        : 172.16.23.250
DNS Server Address     : 172.16.23.200

HR
Employee Name   IP Address                      Subnet Mask     Default Gateway
OU Head         172.16.18.101                   255.255.248.0   172.16.23.250
Employee1-10    172.16.18.102 - 172.16.18.111   255.255.248.0   172.16.23.250
Reserved        172.16.18.112 - 172.16.18.120   255.255.248.0   172.16.23.250
And so on

D. Equipment List

Device            Quantity   Brand   Model   Purpose   Placement
Router
Switch
Firewall
Server
Access Point
Desktop
Laptop
Network Printer
etc.

E. Router Configuration
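An addressing scheme like the one above is easy to get wrong when it is typed by hand, so a quick consistency check is worth keeping next to it. The following script is an added example, not part of the template: it takes the sample values from the scheme (the OU ranges are assumed to be inclusive), derives the full dotted mask for the /21, and reports any address or range that lies outside the stated network, overlaps another range, or hands out a static infrastructure address.

```python
import ipaddress
# Constructed from the IP Addressing Scheme above (template sample values); OU ranges are inclusive.
NETWORK = "172.16.8.0/21"
INFRA = {"server": "172.16.23.200",
         "default gateway": "172.16.23.250",
         "DNS server": "172.16.23.200"}
OU_RANGES = {"HR/OU Head": ("172.16.18.101", "172.16.18.101"),
             "HR/Employee1-10": ("172.16.18.102", "172.16.18.111"),
             "HR/Reserved": ("172.16.18.112", "172.16.18.120")}

def dotted_mask(network):
    """Full dotted-decimal mask for a CIDR prefix (/21 -> 255.255.248.0)."""
    return str(ipaddress.ip_network(network).netmask)

def range_size(start, end):
    """Number of addresses in an inclusive range."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1

def check_plan(network, infra, ou_ranges):
    """Return a list of findings; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(network)
    findings = []
    for role, addr in infra.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(f"{role} {addr} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            findings.append(f"{role} {addr} is the network or broadcast address")
    seen = []  # (name, low, high) of ranges already accepted
    for name, (start, end) in ou_ranges.items():
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            findings.append(f"{name}: start {start} is after end {end}")
            continue
        if lo not in net or hi not in net:
            findings.append(f"{name}: {start}-{end} is not within {net}")
        for other, olo, ohi in seen:  # inclusive ranges overlap if they intersect
            if lo <= ohi and olo <= hi:
                findings.append(f"{name} overlaps {other}")
        for role, addr in infra.items():  # static infrastructure IPs must not be handed out
            if lo <= ipaddress.ip_address(addr) <= hi:
                findings.append(f"{name} includes the {role} address {addr}")
        seen.append((name, lo, hi))
    return findings

if __name__ == "__main__":
    print("mask for", NETWORK, "is", dotted_mask(NETWORK))
    for finding in check_plan(NETWORK, INFRA, OU_RANGES) or ["plan is consistent"]:
        print(finding)
```

Run against the sample values above, the check reports every 172.16.18.x and 172.16.23.x entry as outside 172.16.8.0/21, which only spans 172.16.8.0 to 172.16.15.255; the network address, the host addresses or the prefix length need to be reconciled before the scheme is used.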

IV. CONTROL DELEGATION

A. Assignment of Security Control Responsibility Matrix

Name                  Account Name    Security Group                                                                   Responsibility
Alex T. Parchamento   atparchamento   Administrators, Domain Admins, Domain Controller, Group Policy Creator Owners
John T. Smith         jtsmith         Administrators
Leo E. Tria           letria          Group Policy Creator Owners
Juan D. Cruz          jdcruz          Account Operators
: and so on

Note: I should see your names here.

B. Security Groups

Security Group                Name                  Account Name
Administrators                Alex T. Parchamento   atparchamento
                              John T. Smith         jtsmith
Domain Admins                 Alex T. Parchamento   atparchamento
Group Policy Creator Owners   Alex T. Parchamento   atparchamento
                              Leo E. Tria           letria
Account Operators             Juan D. Cruz          jdcruz
: and so on

C. Security Control Tasks and Permission

Tasks                                                           Implementor           Object
Create, delete, and manage user accounts                        Alex T. Parchamento   User
Reset user passwords and force password change at next logon    Juan D. Cruz          User
Create All Child Objects                                                              Computer
Read All Properties                                                                   Computer
: and so on

V. GROUP POLICY

A. Default Domain Policy

Scope
   Domain             : feu-eac.edu.ph
   Link               :
   Security Filtering : Authenticated Users

Details
   Owner      :
   Created    :
   Modified   :
   Unique ID  :
   GPO Status :

Settings
   Hierarchy: Computer Configuration (Enabled) / Policies / Windows Settings / Security Settings / Account Policies / Password Policy
      Policy                     Setting
      Enforce password history   24 passwords remembered
      : and so on

   Hierarchy: Computer Configuration (Enabled) / Policies / Windows Settings / Security Settings / Account Policies / Account Lockout Policy
      : and so on

Delegation
   Name   Allowed Permissions   Inherited
   And so on

B. Group Policies

Executive Office GPO

This GPO is linked to the EO OU and covers all authenticated users. <brief description of the GPO in 2 sentences or more>

Scope
   Domain             : feu-eac.edu.ph
   Link               :
   Security Filtering : Authenticated Users

Details
   Owner      :
   Created    :
   Modified   :
   Unique ID  :
   GPO Status :

Settings
   Hierarchy: User Configuration (Enabled) / Policies / Administrative Templates
      Path                                   Policy                              Setting
      Control Panel                          Force classic Control Panel View    Enabled
      Control Panel/Add or Remove Programs   Hide the Programs Control Panel     Enabled
      Control Panel/Display                  Password protect the screen saver   Enabled
      System/Ctrl+Alt+Del Options            Remove Lock Computer                Enabled
                                             Remove Change Password              Enabled

   Hierarchy: User Configuration (Enabled) / Policies / Administrative Templates / ...
      : and so on

Delegation
   Name               Allowed Permissions   Inherited
   Alex Parchamento   Edit settings         No
   : and so on

HR GPO
ITE GPO
Students GPO
: and so on

Note: All GPOs must be listed here and must match the Group Policy Objects shown in Group Policy Management on the server. Remember that GPOs depend on user types and OUs, so a GPO may be unique.

VI. SECURITY POLICY
<Note: You have to create your own. Use only the attachments as references>

A. Computer Security

Place the Company Logo here.

Acceptable Use Policy

1.0 Overview
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
7.0 Revision History

Place the Company Logo here.

Acceptable Encryption Policy

1.0 Purpose
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
6.0 Revision History

Place the Company Logo here.

User Encryption Key Protection Policy

1.0 Purpose
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
6.0 Revision History

Place the Company Logo here.

Password Policy

1.0 Overview
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
7.0 Revision History

Place the Company Logo here.

Database Password Policy

1.0 Purpose
2.0 Scope
3.0 Policy
4.0 Enforcement
5.0 Definitions
6.0 Revision History

Place the Company Logo here.

Software Installation Policy

1.0 Overview
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
7.0 Revision History

Place the Company Logo here.

Computer Disaster Recovery Plan Policy

1.0 Overview
2.0 Purpose
3.0 Scope
4.0 Policy
5.0 Enforcement
6.0 Definitions
7.0 Revision History

B. Desktop Security Policy

Place the Company Logo here.

Clean Desk Policy


Place the Company Logo here.

Social Engineering Awareness Policy

<You do the rest>

C. E-mail Security Policy
   E-mail Use Policy
   Automatically Forwarded E-mail Policy
   E-mail Retention Policy

D. Internet Security Policy
   Internet Usage Policy
   Remote Access Tools Usage Policy
   Lab Anti-Virus Policy

E. Mobile Security Policy
   Mobile Device Encryption Policy
   Mobile Access Policy

F. Network Security Policy
   Router Security Policy
   Remote Access Policy
   Virtual Private Network (VPN) Policy

G. Physical Security Policy
   Visitor and Contractor Premise Access Policy

H. Server Security Policy
   Server Security Policy
   Server Malware Protection Policy
   Removable Media Policy

I. Wireless Security Policy
   Wireless Communication Policy

VII. COMPUTER INCIDENT RESPONSE TEAM (CIRT)

A. Overview

B. Purpose and Responsibilities

C. Duties and Responsibilities

D. Scope

E. Members

VIII. INCIDENT HANDLING FORMS

<Note: You have to create your own. Use only the attachments as references>

A. Incident Communication Log

B. Incident Contact List

C. Incident Containment

D. Incident Eradication

E. Incident Identification

F. Incident Survey