This standard documents the security requirements for Wireless solutions within the Company.
The objectives of this standard are to:
a. Provide a statement of intent describing how Wireless solutions will be implemented in accordance with Information Security and other requirements
b. Describe any system functionality/ parameters that are necessary to fulfil security requirements
c. Identify the scope of systems and equipment to which this Standard applies
d. Determine any procedural requirements that need to be accounted for during design and implementation
All wireless networks and devices must have security capabilities in order to minimize the risk of unauthorized users taking advantage of an insecure wireless network and gaining access to business critical Company data. This standard is applicable to wireless network devices (including switches, routers and access points).
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCOUNTABILITIES AND RESPONSIBILITIES
4. INVENTORY OF ASSETS
4.2 CLOCK SYNCHRONIZATION
4.3 USER ACCESS
4.6 PASSWORD AND KEY MANAGEMENT
4.7 WIRELESS DEVICE UPDATES
4.8 NOTIFICATIONS AND ALERTS
4.9 INCIDENT MANAGEMENT
4.10 PHYSICAL INSTALLATION AND DEPLOYMENT
4.11 UNAUTHORIZED WIRELESS DISCOVERY
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.
The IT Acceptable Use Policy sets out the principles and instructions to follow for acceptable and appropriate use of information technology hardware, software, systems, applications, data, facilities, networks, and telecommunications equipment based on information security control objectives and requirements to protect Company’s IT information assets.
The objective of the Change Management Procedure is to ensure the integrity and availability of Company’s information and to prevent damages from uncontrolled changes to all IT and physical infrastructure services that support Company’s systems.