tailieunhanh - I.T. SECURITY POLICY

BACnet itself is a living standard undergoing constant growth and revision under the auspices of ASHRAE Standing Standard Project Committee (SSPC) 135. This committee is made up of building control industry vendors, BCS users, academics and government representatives. The BACnet standard has been designed specifically to meet the com- munication needs of building automation and control systems for applications such as heating, ventilation, air conditioning control, lighting control, access control, and fire detection systems. In early 2001 the Network Security Working Group (NS-WG) was formed in response to concerns over access controls on life safety objects. It was soon. | IT Security Policy . SECURITY POLICY Copyright Ruskwig - Ruskwig provides you with the right to copy and amend this document for your own use - You may not resell ask for donations for or otherwise transfer for value the document. Page 1 IT Security Policy TABLE OF CONTENTS 1. POLICY 2. VIRUS 3. PHYSICAL SECURITY OF COMPUTER . . CATEGORIES OF . REQUIRED PHYSICAL . COMPUTER 4. ACCESS 5. LAN 6. SERVER SPECIFIC 7. UNIX LINUX SPECIFIC 8. WIDE AREA NETWORK 9. TCP IP INTERNET 10. VOICE SYSTEM 11. Page 2 IT Security Policy . Security Policy 1. POLICY STATEMENT It shall be the responsibility of the . Department to provide adequate protection and confidentiality of all corporate data and proprietary software systems whether held centrally on local storage media or remotely to ensure the continued availability of data and programs to all authorised members of staff and to ensure the integrity of all data and configuration controls. Summary of Main Security Policies. . Confidentiality of all data is to be maintained through discretionary and mandatory access controls and wherever possible these access controls should meet with C2 class security functionality. . Internet and other external service access is restricted to authorised personnel only. . Access to data on all laptop computers is to be secured through encryption or other means to provide confidentiality of data in the event of loss or theft of equipment. . Only authorised and licensed software may be installed and installation may only be performed by . Department staff. . The use of unauthorised software is prohibited. In the event of unauthorised software being discovered it will be removed from the workstation immediately. . Data may only be transferred for the purposes determined in the Organisation s