SecureNet Solutions provides a variety of policies
to address client needs:
| Service |
Description |
| Comprehensive Security Policy |
Combines applicable reports defined below as required
by business risk assessment. |
| Acceptable Encryption Policy |
Defines requirements for encryption algorithms
used within the organization. |
| Acceptable Use Policy |
Defines acceptable use of equipment and computing
services, and the appropriate employee security
measures to protect the organization's corporate
resources and proprietary information. |
| Analog/ISDN Line Policy |
Defines standards for use of analog/ISDN lines
for Fax sending and receiving, and for connection
to computers. |
| Anti-Virus Process |
Defines guidelines for effectively reducing the
threat of computer viruses on the organization's
network. |
| Application Service Provider Policy |
Defines minimum security criteria that an ASP
must execute in order to be considered for use on
a project by the organization. |
| Application Service Provider Standards |
Outlines the minimum security standards for the
ASP. This policy is referenced in the ASP Policy
above. |
| Acquisition Assessment Policy |
Defines responsibilities regarding corporate acquisitions,
and defines the minimum requirements of an acquisition
assessment to be completed by the information security
group. |
| Automatically Forwarded Email Policy |
Automatically Forwarded Email Policy - Documents
the requirement that no email will be automatically
forwarded to an external destination without prior
approval from the appropriate manager or director. |
| Database Credentials Coding Policy |
Defines requirements for securely storing and
retrieving database usernames and passwords. |
| Dial-in Access Policy |
Defines appropriate dial-in access and its use
by authorized personnel. |
| DMZ Lab Security Policy |
Defines standards for all networks and equipment
deployed in labs located in the "Demilitarized Zone"
or external network segments. |
| Extranet Policy |
Defines the requirement that third party organizations
requiring access to the organization's networks
must sign a third-party connection agreement. |
| Information Sensitivity Policy |
Defines the requirements for classifying and
securing the organization's information in a manner
appropriate to its sensitivity level. |
| Internal Lab Security Policy |
Defines requirements for internal labs to ensure
that confidential information and technologies are
not compromised, and that production services and
interests of the organization are protected from
lab activities. |
| Internet DMZ Equipment Policy |
Defines the standards to be met by all equipment
owned and/or operated by the organization that is
located outside the organization's Internet firewalls
(the demilitarized zone or DMZ)). |
| Lab Anti-Virus Policy |
Defines requirements which must be met by all
computers connected to the organization's lab networks
to ensure effective virus detection and prevention. |
| Password Protection Policy |
Defines standards for creating, protecting, and
changing strong passwords. |
| Remote Access Policy |
Defines standards for connecting to the organization's
network from any host or network external to the
organization. |
| Risk Assessment Policy |
Defines the requirements and provides the authority
for the information security team to identify, assess,
and premeditate risks to the organization's information
infrastructure associated with conducting business. |
| Router Security Policy |
Defines standards for minimal security configuration
for routers and switches inside a production network,
or used in a production capacity. |
| Server Security Policy |
Defines standards for minimal security configuration
for servers inside the organization's production
network, or used in a production capacity. |
| The Third Party Network Connection Agreement |
Defines the standards and requirements, including
legal requirements, needed in order to interconnect
a third party organization's network to the production
network. This agreement must be signed by both parties. |
| VPN Security Policy |
Defines the requirements for Remote Access IPSec
or L2TP Virtual Private Network (VPN) connections
to the organization's network. |
| Wireless Communication Policy |
Defines standards for wireless systems used to
connect to the organization's networks. |
