Course Project Milestone 1

School: Ivy Tech Community College, Indianapolis
Course: 260
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 20
Uploaded by SuperAtomPartridge28

Coastal Veterinary Clinic 2023 – All Rights Reserved

Contents

Acceptable Use Policy
  1. Overview
  2. Purpose
  3. Scope
  4. Policy
    4.1 General Use and Ownership
      4.1.1 Coastal Veterinary Clinic proprietary information stored on electronic and computing devices, whether owned or leased by Coastal Veterinary Clinic, the employee, or a third party, remains the sole property of Coastal Veterinary Clinic. You must ensure that the Data Protection Standard protects proprietary information through legal or technical means.
      4.1.2 You are responsible for promptly reporting the theft, loss, or unauthorized disclosure of Coastal Veterinary Clinic proprietary information.
      4.1.3 You may access, use, or share Coastal Veterinary Clinic proprietary information only to the extent authorized and necessary to fulfill your assigned job duties.
      4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.
      4.1.5 For security and network maintenance purposes, authorized individuals within Infosec may monitor equipment, systems, and network traffic at any time, per Infosec's Audit Policy.
      4.1.6 Infosec reserves the right to audit networks and systems periodically to ensure compliance with this policy.
  5. Policy Compliance
    5.2 Exceptions
    5.3 Non-Compliance

Disaster Recovery Plan Policy
  1. Overview
  2. Purpose
  3. Scope
  4. Policy
  5. Policy Compliance
    5.2 Exceptions
    5.3 Non-Compliance

Password Protection Policy
  1. Overview
  2. Purpose
  3. Scope
  4. Policy
    4.1 Password Creation
      4.1.1 All user-level and system-level passwords must conform to the Password Construction Guidelines.
      4.1.2 Users must use a separate, unique password for their work-related accounts. Users may not use any job-related passwords for their own personal accounts.
      4.1.3 User accounts with system-level privileges granted through group memberships or programs such as sudo must have a unique password from all other accounts held by that user to access system-level privileges. In addition, it is highly recommended that some form of multi-factor authentication is used for any privileged accounts.
    4.2 Password Change
      4.2.1 Passwords must be changed every 30 days. You may not use any of your previous 12 passwords.
      4.2.2 Password cracking or guessing may be performed periodically or randomly by the Infosec Team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to comply with the Password Construction Guidelines.
    4.3 Password Protection
      4.3.1 Passwords must not be shared with anyone, including Coastal Veterinary Clinic information. Corporate Information Security recognizes that legacy applications do not support proxy systems in place. Please refer to the technical reference for additional details.
      4.3.2 Passwords must not be inserted into email messages, Alliance cases, or other forms of electronic communication, nor revealed over the phone to anyone.
      4.3.3 Passwords may be stored only in “password managers” authorized by the organization.
      4.3.4 Do not use applications' "Remember Password" feature (for example, web browsers).
      4.3.5 Any user suspecting their password may have been compromised must report the incident and change all passwords.
    4.4 Application Development
    4.5 Multi-Factor Authentication
      4.5.1 Multi-factor authentication is highly encouraged and should be used whenever possible, not only for work-related accounts but also for personal accounts.
  5. Policy Compliance
    5.5 Exceptions
    5.6 Non-Compliance
  6 Related Standards, Policies, and Processes

Password Construction Guidelines
  1. Overview
  2. Purpose
  3. Scope
  4. Statement of Guidelines
  5. Policy Compliance
    6.2 Exceptions
    6.3 Non-Compliance

Digital Signature Acceptance Policy
  1. Overview
  2. Purpose
  3. Scope
  4. Policy
  5. Policy Compliance
    6.5 Exceptions
    6.6 Non-Compliance

Acceptable Use Policy

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send an email to policy-resources@sans.org.

Last Update Status: Updated October 2023

1. Overview

Infosec’s intentions for publishing an Acceptable Use Policy are not to impose restrictions contrary to Coastal Veterinary Clinic’s established culture of openness, trust, and integrity. Infosec is committed to protecting Coastal Veterinary Clinic's employees, partners, and the company from illegal or damaging actions by individuals, knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Coastal Veterinary Clinic. These systems are to be used for business purposes in serving the interests of the company and our clients and customers during normal operations. Please review Human Resources policies for further details.

Effective security is a team effort involving the participation and support of every Coastal Veterinary Clinic employee and affiliate who deals with information or information systems. It is the responsibility of every computer user to know these guidelines and to conduct their activities accordingly.

2. Purpose

This policy aims to outline the acceptable use of computer equipment at Coastal Veterinary Clinic. These rules are in place to protect the employee and Coastal Veterinary Clinic. Inappropriate use exposes Coastal Veterinary Clinic to risks, including virus attacks, compromise of network systems and services, and legal issues.

3. Scope

This policy applies to using information, electronic and computing devices, and network resources to conduct Coastal Veterinary Clinic business or interact with internal networks and business systems, whether owned or leased by Coastal Veterinary Clinic, the employee, or a third party. All employees, contractors, consultants, temporary, and other workers at Coastal Veterinary Clinic and its subsidiaries are responsible for exercising good judgment regarding the appropriate use of information, electronic devices, and network resources in accordance with Coastal Veterinary Clinic policies and standards and local laws and regulations. Exceptions to this policy are documented in section 5.2.

This policy applies to employees, contractors, consultants, temporaries, and other workers at Coastal Veterinary Clinic, including all personnel affiliated with third parties. This policy applies to all equipment owned or leased by Coastal Veterinary Clinic.

4. Policy

4.1 General Use and Ownership

4.1.1 Coastal Veterinary Clinic proprietary information stored on electronic and computing devices, whether owned or leased by Coastal Veterinary Clinic, the employee, or a third party, remains the sole property of Coastal Veterinary Clinic. You must ensure that the Data Protection Standard protects proprietary information through legal or technical means.

4.1.2 You are responsible for promptly reporting the theft, loss, or unauthorized disclosure of Coastal Veterinary Clinic proprietary information.

4.1.3 You may access, use, or share Coastal Veterinary Clinic proprietary information only to the extent authorized and necessary to fulfill your assigned job duties.

4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.

4.1.5 For security and network maintenance purposes, authorized individuals within Infosec may monitor equipment, systems, and network traffic at any time, per Infosec's Audit Policy.

4.1.6 Infosec reserves the right to audit networks and systems periodically to ensure compliance with this policy.

4.2 Security and Proprietary Information

4.2.1 All mobile and computing devices that connect to the internal network must comply with the Minimum Access Policy.

4.2.2 System-level and user-level passwords must comply with the Password Policy. Providing access to another individual, deliberately or through failure to secure its access, is prohibited.

4.2.3 All computing devices must be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.

4.2.4 Postings by Coastal Veterinary Clinic employees from an email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Coastal Veterinary Clinic unless posting is in the course of business duties.

4.2.5 Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.

4.3 Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during their legitimate job responsibilities (e.g., systems administration staff may need to disable a host's network access if that host is disrupting production services).

Under no circumstances is an employee of Coastal Veterinary Clinic authorized to engage in any illegal activity under local, state, federal, or international law while utilizing Coastal Veterinary Clinic-owned resources.

The lists below are by no means exhaustive but attempt to provide a framework for activities that fall into the unacceptable use category.

4.3.1 System and Network Activities

The following activities are strictly prohibited, with no exceptions:

1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Coastal Veterinary Clinic.
2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Coastal Veterinary Clinic or the end user does not have an active license is strictly prohibited.
3. Accessing data, a server, or an account for any purpose other than conducting Coastal Veterinary Clinic business, even with authorized access, is prohibited.
4. Exporting software, technical information, encryption software, or technology in violation of international or regional export control laws is illegal. The appropriate management should be consulted before exporting any material in question.
5. Introducing malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
6. Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is done at home.
7. Using a Coastal Veterinary Clinic computing asset to actively procure or transmit material that violates sexual harassment or hostile workplace laws in the user's local jurisdiction.
8. Making fraudulent offers of products, items, or services originating from any Coastal Veterinary Clinic account.
9. Making statements about warranty, expressly or implied, unless it is a part of regular job duties.
10. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access unless these duties are within the scope of regular duties. For this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
11. Port scanning or security scanning is expressly prohibited unless prior notification to Infosec is made.
12. Executing any network monitoring that will intercept data not intended for the employee's host unless this activity is a part of the employee's regular job/duty.
13. Circumventing user authentication or any host, network, or account security.
14. Introducing honeypots, honeynets, or similar technology on the Coastal Veterinary Clinic network.
15. Interfering with or denying service to any user other than the employee's host (for example, denial of service attack).
16. Using any program/script/command or sending messages of any kind with the intent to interfere with or disable a user's terminal session via any means, locally or via the Internet/Intranet/Extranet.
17. Providing information about, or lists of, Coastal Veterinary Clinic employees to parties outside Coastal Veterinary Clinic.

4.3.2 Email and Communication Activities

Users must realize they represent the company when using company resources to access and use the Internet. Whenever employees state an affiliation to the company, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the company." Questions may be addressed to the IT Department.

1. Sending unsolicited email messages, including sending "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
2. Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
3. Unauthorized use or forging of email header information.
4. Solicitation of email for any other email address other than that of the poster's account with the intent to harass or to collect replies.
5. Creating or forwarding "chain letters," "Ponzi," or other "pyramid" schemes of any type.
6. Use of unsolicited email originating from within Coastal Veterinary Clinic's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Coastal Veterinary Clinic or connected via Coastal Veterinary Clinic's network.
7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

4.3.3 Blogging and Social Media

1. Blogging by employees, whether using Coastal Veterinary Clinic’s property and systems or personal computer systems, is also subject to the terms and restrictions outlined in this Policy. Limited and occasional use of Coastal Veterinary Clinic’s systems to engage in blogging is acceptable, provided that it is done in a professional and responsible manner, does not otherwise violate Coastal Veterinary Clinic’s policy, is not detrimental to Coastal Veterinary Clinic’s best interests, and does not interfere with an employee's regular work duties. Blogging from Coastal Veterinary Clinic’s systems is also subject to monitoring.
2. Coastal Veterinary Clinic’s Confidential Information policy also applies to blogging. As such, Employees are prohibited from revealing any Coastal Veterinary Clinic confidential or proprietary information, trade secrets, or any other material covered by Coastal Veterinary Clinic’s Confidential Information policy when engaged in blogging.
3. Employees shall not engage in any blogging that may harm or tarnish the image, reputation, and/or goodwill of Coastal Veterinary Clinic and/or its employees. Employees are also prohibited from making discriminatory, disparaging, defamatory, or harassing comments when blogging or engaging in any conduct prohibited by Coastal Veterinary Clinic’s Non-Discrimination and Anti-Harassment policy.
4. Employees may also not attribute personal statements, opinions, or beliefs to Coastal Veterinary Clinic when blogging. If an employee is expressing his or her beliefs and/or opinions in blogs, the employee may not, expressly or implicitly, represent themselves as an employee or representative of Coastal Veterinary Clinic. Employees assume any and all risks associated with blogging.
5. Apart from following all laws pertaining to the handling and disclosure of copyrighted or export-controlled materials, Coastal Veterinary Clinic’s trademarks, logos, and any other Coastal Veterinary Clinic intellectual property may also not be used in connection with any blogging activity.

5. Policy Compliance

5.1 Compliance Measurement

The Infosec team will verify compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback to the policy owner.

5.2 Exceptions

The Infosec team must approve any exception to the policy in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Disaster Recovery Plan Policy

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send an email to policy-resources@sans.org.

Last Update Status: Updated October 2023

1. Overview

Since disasters happen so rarely, management often ignores the disaster recovery planning process. It is essential to realize that having a contingency plan in the event of a disaster gives Coastal Veterinary Clinic a competitive advantage. This policy requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters are not limited to adverse weather conditions. Any event that could likely cause an extended service delay should be considered. The Disaster Recovery Plan is often part of the Business Continuity Plan.

2. Purpose

This policy defines the requirement for a baseline disaster recovery plan to be developed and implemented by Coastal Veterinary Clinic that will describe the process to recover IT Systems, Applications, and Data from any type of disaster that causes a major outage.

3. Scope

This policy is directed to the IT Management Staff, who ensure the plan is developed, tested, and updated. This policy is solely to state the requirements for a disaster recovery plan; it does not provide requirements for what goes into the plan or sub-plans.

4. Policy

4.1 Contingency Plans

The following contingency plans must be created:

  • Computer Emergency Response Plan: Who will be contacted, when, and how? What immediate actions must be taken in the event of certain occurrences?
  • Succession Plan: Describe the flow of responsibility when normal staff is unavailable to perform their duties.
  • Data Study: Detail the data stored on the systems, its criticality, and its confidentiality.
  • Criticality of Service List: List all the services provided and their order of importance. It also explains the recovery order in both short-term and long-term timeframes.
  • Data Backup and Restoration Plan: Detail which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered.
  • Equipment Replacement Plan: Describe what equipment is required to begin to provide services, list the order in which it is necessary, and note where to purchase the equipment.
  • Mass Media Management: Who is in charge of giving information to the mass media? Also provide some guidelines on what data is appropriate to be provided.

After creating the plans, practicing them to the extent possible is essential. Management should set aside time to test the implementation of the disaster recovery plan. Tabletop exercises should be conducted annually. During these tests, issues that may cause the plan to fail can be discovered and corrected in an environment with few consequences.

The plan, at a minimum, should be reviewed and updated on an annual basis.

5. Policy Compliance

5.1 Compliance Measurement

The Infosec team will verify compliance with this policy through various methods, including but not limited to periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2 Exceptions

The Infosec Team must approve any exception to the policy in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Password Protection Policy

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send an email to policy-resources@sans.org.

Last Update Status: Updated October, 2023

1. Overview

Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of our resources. All staff, including contractors and vendors with access to Coastal Veterinary Clinic systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

2. Purpose

The purpose of this policy is to establish a standard for the creation of strong passwords and the protection of those passwords.

3. Scope

The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Coastal Veterinary Clinic facility, has access to the Coastal Veterinary Clinic network, or stores any non-public Coastal Veterinary Clinic information.

4. Policy

4.1 Password Creation

4.1.1 All user-level and system-level passwords must conform to the Password Construction Guidelines.

4.1.2 Users must use a separate, unique password for each of their work-related accounts. Users may not use any work-related passwords for their own personal accounts.

4.1.3 User accounts that have system-level privileges granted through group memberships or programs such as sudo must have a unique password from all other accounts held by that user to access system-level privileges. In addition, it is highly recommended that some form of multi-factor authentication is used for any privileged accounts.

4.2 Password Change

4.2.1 Passwords must be changed every 30 days. You may not use any of your previous 12 passwords.

4.2.2 Password cracking or guessing may be performed periodically or randomly by the Infosec Team or its delegates. If a password is guessed or cracked during one of these scans, the user must change it to comply with the Password Construction Guidelines.

4.3 Password Protection

4.3.1 Passwords must not be shared with anyone, including Coastal Veterinary Clinic information. Corporate Information Security recognizes that legacy applications do not support proxy systems in place. Please refer to the technical reference for additional details.

4.3.2 Passwords must not be inserted into email messages, Alliance cases, or other forms of electronic communication, nor revealed over the phone to anyone.

4.3.3 Passwords may be stored only in “password managers” authorized by the organization.

4.3.4 Do not use the "Remember Password" feature of applications (for example, web browsers).

4.3.5 Any user suspecting that his/her password may have been compromised must report the incident and change all passwords.

4.4 Application Development

Application developers must ensure that their programs contain the following security precautions:

4.4.1 Applications must support the authentication of individual users, not groups.

4.4.2 Applications must not store passwords in clear text or in any easily reversible form.

4.4.3 Applications must not transmit passwords in clear text over the network.

4.4.4 Applications must provide some sort of role management, such that one user can take over the functions of another without having to know the other's password.

4.5 Multi-Factor Authentication

4.5.1 Multi-factor authentication is highly encouraged and should be used whenever possible, not only for work-related accounts but also for personal accounts.

5. Policy Compliance

5.4 Compliance Measurement

The Infosec team will verify compliance with this policy through various methods, including but not limited to periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.5 Exceptions

The Infosec Team must approve any exception to the policy in advance.

5.6 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6 Related Standards, Policies, and Processes

Password Construction Guidelines

Password Construction Guidelines

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send an email to policy-resources@sans.org.

Last Update Status: Updated October, 2023

1. Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or networks. This guideline provides best practices for creating secure passwords.

2. Purpose

The purpose of these guidelines is to provide best practices for the creation of strong passwords.

3. Scope

This guideline applies to employees, contractors, consultants, temporary and other workers, including all personnel affiliated with third parties. This guideline applies to all passwords, including but not limited to user-level accounts, system-level accounts, web accounts, e-mail accounts, screen saver protection, voicemail, and local router logins.

4. Statement of Guidelines

Strong passwords are long; the more characters you have, the stronger the password. We recommend a minimum of 14 characters in your password. In addition, we highly encourage the use of passphrases and passwords made up of multiple words. Examples include “It’s time for vacation” or “block-curious-sunny-leaves.” Passphrases are easy to remember and type yet meet the strength requirements.

Poor or weak passwords have the following characteristics:

• Contain eight characters or less.
• Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
• Contain number patterns such as ab, qwerty, zyxwvuts, or 123321.
• Are some version of “Welcome123”, “Password123”, “Changeme123”.

In addition, every work account should have a different, unique password. To enable users to maintain multiple passwords, we highly encourage the use of ‘password manager’ software that is authorized and provided by the organization. Whenever possible, also enable the use of multi-factor authentication.

5. Policy Compliance

6.1 Compliance Measurement

The Infosec team will verify compliance with this policy through various methods, including but not limited to periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

6.2 Exceptions

The Infosec team must approve any exception to the policy in advance.

6.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Digital Signature Acceptance Policy

Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send an email to policy-resources@sans.org.

Last Update Status: Updated October 2023
1. Overview

See Purpose.

2. Purpose

This policy provides guidance on when digital signatures are considered accepted means of validating a signer's identity in Coastal Veterinary Clinic electronic documents and correspondence, and thus a substitute for traditional “wet” signatures within the organization. Because communication has become primarily electronic, the goal is to reduce confusion about when a digital signature is trusted.

3. Scope

This policy applies to all Coastal Veterinary Clinic employees and affiliates. This policy applies to all Coastal Veterinary Clinic employees, contractors, and other agents conducting Coastal Veterinary Clinic business with a Coastal Veterinary Clinic-provided digital key pair. This policy applies only to intra-organization digitally signed documents and correspondence and not to electronic materials sent to or received from non-Coastal Veterinary Clinic-affiliated persons or organizations.

4. Policy

A digital signature is an acceptable substitute for a wet signature on any intra-organization document or correspondence, except those noted on the site of the Chief Financial Officer (CFO) on the organization’s intranet: <CFO’s Office URL>

The CFO’s office will maintain an organization-wide list of documents and correspondence types not covered by this policy.

Digital signatures must apply to individuals only. Digital signatures for roles, positions, or titles (e.g., the CFO) are invalid.

4.1 Responsibilities

Digital signature acceptance requires specific action by both the employee signing the document or correspondence (hereafter the signer) and the employee receiving/reading the document or correspondence (hereafter the recipient).

4.2 Signer Responsibilities

4.2.1 Signers must obtain a signing key pair from Coastal Veterinary Clinic HR. This key pair will be generated using the Coastal Veterinary Clinic’s Public Key Infrastructure (PKI), and the public key will be signed by the Coastal Veterinary Clinic’s Certificate Authority (CA).

4.2.2 Signers must sign documents and correspondence using software approved by the infosec IT organization.

4.2.3 Signers must protect their private key and keep it secret.

4.2.4 If a signer believes that the signer’s private key was stolen or otherwise compromised, the signer must contact Coastal Veterinary Clinic Identity Management Group immediately to have the signer’s digital key pair revoked.

4.3 Recipient Responsibilities

4.3.1 Recipients must read documents and correspondence using software approved by the Infosec IT department.

4.3.2 Recipients must verify that the signer’s public key was signed by the Coastal Veterinary Clinic’s Certificate Authority (CA) by viewing the details about the signed key using the software they are using to read the document or correspondence.

4.3.3 The recipient must not trust the document's source or correspondence if the signer's digital signature does not appear valid.

4.3.4 If a recipient believes that a digital signature has been abused, the recipient must report the recipient’s concern to Coastal Veterinary Clinic Identity Management Group.

5. Policy Compliance

6.4 Compliance Measurement

The Infosec team will verify compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback to the policy owner.

6.5 Exceptions

The Infosec team must approve any exception to the policy in advance.

6.6 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.