NETWORK SECURITY POLICY
Document Name: | NETWORK SECURITY POLICY
|
|
|
Classification: | Internal |
|
|
Document Owner: | CISO/MR- |
|
|
Document Approver: | Top Management |
|
|
Original Document Issue Date: | 10/10/2023 |
|
|
Current Edition: | Version 2.0 |
|
|
Revision History: |
|
|
|
S. No. | Description of Change | Date of Change | Version No. |
1 | Initial Release | 10/10/2023 | 1.0 |
2 | Second Release | 10/10/2023 | 2.0 |
3 |
|
|
|
5 |
|
|
|
6 |
|
|
|
7 |
|
|
|
NETWORK SECURITY POLICY
1. Introduction
This document defines the Network Security Policy for LEGISTIFY SERVICES PRIVATE LIMITED The Network Security Policy applies to all business functions and information contained on the network, the physical environment and relevant people who support and are Users of the network.
This document sets out the:
LEGISTIFY SERVICES PRIVATE LIMITED's policy for the protection of the confidentiality, integrity and availability of the network;
b. Establishes the security responsibilities for network security;
c. Provides reference to documentation relevant to this policy.
The network is a collection of communication equipment such as servers, computers, printers, and modems, which has been connected together by cables or wireless devices. The network is created to share data, software, and peripherals such as printers, modems, fax machines, Internet connections, CD-ROM and tape drives, hard disks and other data storage equipment.
2. Purpose/Scope of this Policy
The purpose of this policy is to ensure the security of LEGISTIFY SERVICES PRIVATE LIMITED's network. To do this the LEGISTIFY SERVICES PRIVATE LIMITED will:
Ensure Availability
Ensure that the network is available for Users;
Preserve Integrity
Protect the network from unauthorised or accidental modification;
Preserve Confidentiality
Protect assets against unauthorised disclosure.
The purpose of this policy is also to ensure the proper use of the LEGISTIFY SERVICES PRIVATE LIMITED’s network and make Users aware of what the LEGISTIFY SERVICES PRIVATE LIMITED deems as acceptable and unacceptable use of its network.
Willful or negligent disregard of this policy may be investigated and dealt with under the LEGISTIFY SERVICES PRIVATE LIMITED Disciplinary Procedure.
This policy applies to all networks managed by LEGISTIFY SERVICES PRIVATE LIMITED used for:
The provision of Internet systems for receiving, sending and storing non-business or business data or images.
3. Policy
The Network Security Policy for LEGISTIFY SERVICES PRIVATE LIMITED is described below:
The LEGISTIFY SERVICES PRIVATE LIMITED information network will be available when needed and can be accessed only by legitimate Users. The network must also be able to withstand or recover from threats to its availability, integrity and confidentiality. To satisfy this, The LEGISTIFY SERVICES PRIVATE LIMITED will undertake the following:
Protect all hardware, software and information assets under its control. This will be achieved by implementing a set of well-balanced technical and non-technical measures;
Provide both effective and cost-effective protection that is commensurate with the risks to its network assets.
Implement the Network Security Policy in a consistent, timely and cost effective manner.
4. Physical & Environmental Security
Core network computer equipment will be housed in a controlled and secure environment. Critical or sensitive network equipment will be housed in an environment that has a monitored temperature and backup power supply along with appropriate security barriers and entry controls.
Door lock are managed by guards manned in the office on 24 hours basis in shifts.
Critical or sensitive network equipment will be protected from power supply failures and fire suppression systems.
Smoking, eating and drinking is forbidden in areas housing critical or sensitive network equipment.
All visitors to secure network areas must be authorised by a senior member of the IT Department,
All visitors to secure network areas must be made aware of security requirements.
All visitors to secure network areas must be logged in and out. The log will contain name, purpose of visit, date, and time in and out.
The LEGISTIFY SERVICES PRIVATE LIMITED will ensure that all relevant staff are made aware of procedures for visitors.
Entry to secure areas housing critical or sensitive network equipment will be restricted to those whose job requires it.
5. Access Control to the Network
Access rights to the network will be allocated as per LEGISTIFY SERVICES PRIVATE LIMITED IT Access control and user management policy.
6. Wireless Network
The LEGISTIFY SERVICES PRIVATE LIMITED has deployed a wireless network across premises which is for the use of employees and authorised representatives only,
The wireless network security standards are as follows:
Service Set Identifier (SSID):
The SSID for ‘guest’ access to the Internet only, will be broadcast so as to make it easily available to authorised visitors. Access will be granted via the IT Helpdesk.
Encryption: The wireless networks will utilise AES (Advanced Encryption Standard) level of encryption.
The laptops used by LEGISTIFY SERVICES PRIVATE LIMITED staff will confirm to the WPA 2 (Wi-Fi Protected Access) standard.
Unauthorised devices connected to the wireless network shall be blocked with no warning.
7. Maintenance Contracts
LEGISTIFY SERVICES PRIVATE LIMITED will ensure that maintenance contracts are maintained and periodically reviewed for all network equipment.
8. Fault Logging
The IT Department is responsible for ensuring that a log of all faults on the network is maintained and reviewed.
9. Data Backup and Restoration
Refer LEGISTIFY SERVICES PRIVATE LIMITED backup and restoration policy.
10. Malicious Software
The LEGISTIFY SERVICES PRIVATE LIMITED must ensure that measures are in place to detect and protect the network from viruses and other malicious software.
11. Unauthorised software
Unauthorised Software are not installed. Open source software when used are first approved by the IT and network team and then installed after doing risk assessment and testing.
12. Secure Disposal or Re-use of Equipment
Refer the disposal policy.
13. System Change Control
Refer the change management policy.
14. Security Monitoring
The LEGISTIFY SERVICES PRIVATE LIMITED is responsible for ensuring that the network is monitored for potential security breaches.
The LEGISTIFY SERVICES PRIVATE LIMITED reserves the right to access, modify or delete all data stored on or transmitted across its network. This includes data stored in personal network folders, mailboxes etc.
The LEGISTIFY SERVICES PRIVATE LIMITED reserves the right to disconnect or block any device connected either by physical or wireless means to the network.
The LEGISTIFY SERVICES PRIVATE LIMITED reserves the right to block any physical non-approved device connected to a piece of LEGISTIFY SERVICES PRIVATE LIMITED owned equipment.
15. Training and Awareness
All users of the network must be made aware of the contents and implications of the Network Security Policy.
16. Reporting Data Security Breaches and Weaknesses
Refer the incident management policy.
17. Disaster Recovery Plans
The LEGISTIFY SERVICES PRIVATE LIMITED will ensure that disaster recovery plans are produced for the network and that these are tested on a regular basis.
18. Unattended Equipment and Clear Screen
Users must ensure that they protect the network from unauthorised access. They must log off the network when LEGISTIFY SERVICES PRIVATE LIMITED hed working.
The LEGISTIFY SERVICES PRIVATE LIMITED operates a clear desk policy that means that Users must ensure that any equipment logged on to the network must be protected if they leave it unattended, even for a short time. Workstations must be locked or a screensaver password activated if a workstation is left unattended for a short time.
19. Process for Monitoring Compliance and Effectiveness
Performance reporting arrangements.
Internal Audits.
Policy Revision History
Date | Version | Author | Reviewer | Approver | Comments |
| 0.1 | ISMS Manager | CIO | LEGISTIFY SERVICES PRIVATE LIMITED Management | Draft Version of NETWORK SECURITY POLICY
|
|
|
|
|
|
|
|
|
|
|
|
|