by Anonymous (not verified)
Network security policy

Here's a concise summary of the university's network security policy in English:

Objective: To establish a stable and secure network that meets organizational requirements and protects connected systems.

Scope: All wired and wireless network components and communications infrastructure.

Organization Duties:

  • Instructions: Clear procedures for network component handling.
  • Control: Security controls for connecting network components.
  • Environment: Secure physical environment for network components.
  • Permissions: Appropriate user access levels.
  • Documentation: Network diagrams and documentation.
  • Settings Storage: Secure storage of network configurations.
  • Updates: Regular OS and component updates.
  • Password Management: Secure password allocation.
  • Auditing: Periodic network component audits.
  • Protection: Firewalls, intrusion detection/prevention systems.
  • Compliance: Monitoring employee adherence to policies.
  • Spare Equipment: Secure storage of backup equipment.

System Manager Duties:

  • Compatibility: Ensure device and application compatibility.
  • Port Management: Open only necessary ports.
  • Network Security: Configure device settings and install security systems.
  • Device Management: Monitor connected devices and apply updates.
  • Performance Monitoring: Report on network performance and security incidents.

Information Security Manager Duties:

  • Periodic Audit: Review network security compliance.
  • Security Reports: Follow up on and resolve network security issues.

Employee Duties:

  • Safe Network Use: Adhere to acceptable use policies.
  • Server Storage: Save information on designated servers.

Detailed Simulation:

  • Acceptable Policy:
    • Secure protocols (SSH), firewalls, complex passwords.
    • Secure server room with surveillance and cooling.
    • IDS/IPS, log analysis, regular updates.
    • Secure backups, access control lists (ACLs).
    • Result: Stable, secure network with threat detection and data protection.
  • Unacceptable Policy:
    • Insecure protocols (Telnet), weak passwords.
    • Unsecured server room.
    • Lack of IDS/IPS, no log monitoring, irregular updates.
    • No backups, no access restrictions.
    • Result: Vulnerable to hacking, data theft, service interruptions.

Key Differences:

  • Acceptable: Secure infrastructure, monitoring, strict controls.
  • Unacceptable: Lack of security tools, leading to threats and instability.

Conclusion:

  • Proper network security implementation is essential for stability and data protection.

Read more articles

Backup policy
Newer
Backup policy
Anti-virus and malware policy
Older
Anti-virus and malware policy
University Presidency
Anonymous (not verified)
1
min read
A- A+