Unit 4 Assignment 1: Enhance and Existing It Security Policy Framework
Unit 4 Assignment 1: Enhance and Existing IT Security Policy Framework
Richman Investments Remote Access Standards
Purpose:
This document is designed to provide definition of the standards for connecting remotely to Richman Investments’ network outside of the company’s direct network connection. The standards defined here are designed to mitigate exposure to potential damage to Richman Investments’ network, resulting from the use of unauthorized use of network resources.
Scope:
All Richman Investments agents, vendors, contractors, and employees, who use either Richman Investments company property or their own personal property to connect to the Richman Investments network, are governed by this policy. The scope of this policy covers remote connections, used to access or do work on behalf of Richman Investments, including, but not limited to, the viewing or sending of e-mail, and the viewing of intranet resources.
Policy:
Richman Investments agents, vendors, contractors, and employees with privilege to remote access to Richman Investments’ corporate network are responsible for ensuring that they adhere to these standards, whether using company-owned or personal equipment for data access, and that they follow the same guidelines that would be followed for on-site connections to the Richman Investments network.
General access to the Internet by household members via the Richman Investments network will be permitted, and should be used responsibly, such that all Richman Investments standards and guidelines are enforced for the duration of Internet activity. The Richman Investments agent, vendor, contractor, or employee will bear any responsibilities and consequences for any misused access.
Requirements:
* Remote access must be secure and strictly controlled. Enforcement of control will be via password authentication or private/public keys with strong pass-phrases. * Richman Investments employees should, at no time, provide their security
Richman Investments Remote Access Standards
Purpose:
This document is designed to provide definition of the standards for connecting remotely to Richman Investments’ network outside of the company’s direct network connection. The standards defined here are designed to mitigate exposure to potential damage to Richman Investments’ network, resulting from the use of unauthorized use of network resources.
Scope:
All Richman Investments agents, vendors, contractors, and employees, who use either Richman Investments company property or their own personal property to connect to the Richman Investments network, are governed by this policy. The scope of this policy covers remote connections, used to access or do work on behalf of Richman Investments, including, but not limited to, the viewing or sending of e-mail, and the viewing of intranet resources.
Policy:
Richman Investments agents, vendors, contractors, and employees with privilege to remote access to Richman Investments’ corporate network are responsible for ensuring that they adhere to these standards, whether using company-owned or personal equipment for data access, and that they follow the same guidelines that would be followed for on-site connections to the Richman Investments network.
General access to the Internet by household members via the Richman Investments network will be permitted, and should be used responsibly, such that all Richman Investments standards and guidelines are enforced for the duration of Internet activity. The Richman Investments agent, vendor, contractor, or employee will bear any responsibilities and consequences for any misused access.
Requirements:
* Remote access must be secure and strictly controlled. Enforcement of control will be via password authentication or private/public keys with strong pass-phrases. * Richman Investments employees should, at no time, provide their security
Cited: Stephen. "SANS Remote Access Policy." SANS Institute. N.p., 2006. Web. 21 Jan. 2013. <http://www.sans.org/security-resources/policies/Remote_Access_Policy.pdf>.