Security Policies & Standards Index
Last Updated: September 2004
For a complete copy contact support@deskscape.com
This document states the policies of Deskscape for the application of IT security management disciplines to protect Deskscape's corporate data, systems and applications against threats that could endanger their confidentiality, integrity and availability.
As a "trusted clearinghouse", Deskscape takes very seriously the responsibilities that come with the value Customers have placed in Deskscape services, and will continue to invest in upgrading its facilities to safeguard the confidentiality, storage and delivery of Customer data.
Security Policies & Standards
This policy and any associated standards and procedures apply to all users of the IT systems and applications of Deskscape and Deskscape's product support group. It applies across all hardware platforms, to all practices within Deskscape, and to all partners, staff and contractors of Deskscape.
Security Policies Content
Security Policies & Standards Document
1.1 Deskscape's Security Policy Statement
1.2 Enforcement of Deskscape's Security Policies
IT Security Organization
2.1 The Security Organization Framework
2.1.1 Manager, Technology Services
2.1.2 Information Security
2.1.3 Networks and Firewalls Security
2.1.4 Physical Security
2.1.5 Database Administrator
Critical Assets
3.1 Criteria for Identifying Critical Assets
3.2 Documentation of Critical Assets
3.2.1 Ownership
3.2.2 Identification
3.2.3 Description
3.2.4 Configuration
3.3 Security Classification
3.3.1 Confidentiality
3.3.2 Availability
3.3.3 Integrity
Personnel Security
4.1 Employee & Contractor Responsibilities
4.1.1 Nondisclosure Agreement
4.1.2 Employee Agreement
4.1.3 Employee Conduct
4.1.4 Use of computer hardware and software
4.2 Internet & E-Mail Usage
4.2.1 Internet Usage
4.2.2 E-mail Usage
4.2.3 External User Access
4.3 Security Incident Reporting
4.3.1 Definition of a Security Incident
4.3.2 Personnel Responsibilities for Reporting a Security Incident
Environmental Security of IT Rooms
5.1 Space & Layout
5.2 Security
5.3 Power
5.4 Fire
5.5 Air Conditioning
5.6 Environmental Control & Monitoring
5.7 Access to IT Rooms
Data Preservation
6.1 Data Preservation
Computer & Network Management
7.1 Hardware Inventory & Deployment
7.2 Server Configuration
7.3 Hardware Redundancy
7.4 Workstation Configuration
7.5 Generic Accounts
7.6 Anti-Virus Protection
7.7 Security Patches & Updates
7.8 Software Media
7.9 Software Installations
Security Auditing
8.1 Security Reviews
8.2 Recordkeeping
8.3 Log Files
System Access Control
9.1 Secure Data Access
9.2 User Access Administration
9.2.1 User Access
9.2.2 Groups
9.2.3 Remote Access Users
9.2.4 Third Party Network Access
9.2.5 Access Control for IT Projects
9.3 Password & User ID Standards
9.3.1 Passwords
9.3.2 User IDs
Product Development
10.1 Approval of New Development Projects
10.2 Software Development
10.2.1 Requirements Analysis
10.2.2 Development Approach
10.2.3 Source Code Version Management
10.2.4 Module Testing
10.2.5 System Testing
10.2.6 End User Acceptance Testing
10.2.7 Release Planning
Change Management
11.1 Change Management Policy
11.2 Change Management Standards
11.2.1 Change Request Form
11.2.2 Change Management Best Practices
Business Continuity Management