This standard documents the security requirements for Wireless solutions within the Company.
The objectives of this standard are to:
a. Provide a statement of intent describing how Wireless solutions will be implemented in accordance with Information Security and other requirements
b. Describe any system functionality/ parameters that are necessary to fulfil security requirements
c. Identify the scope of systems and equipment to which this Standard applies
d. Determine any procedural requirements that need to be accounted for during design and implementation
All wireless networks and devices must have security capabilities in order to minimize the risk of unauthorized users taking advantage of an insecure wireless network and gaining access to business critical Company data. This standard is applicable to wireless network devices (including switches, routers and access points).
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCOUNTABILITIES AND RESPONSIBILITIES
4. INVENTORY OF ASSETS
4.2 CLOCK SYNCHRONIZATION
4.3 USER ACCESS
4.6 PASSWORD AND KEY MANAGEMENT
4.7 WIRELESS DEVICE UPDATES
4.8 NOTIFICATIONS AND ALERTS
4.9 INCIDENT MANAGEMENT
4.10 PHYSICAL INSTALLATION AND DEPLOYMENT
4.11 UNAUTHORIZED WIRELESS DISCOVERY
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography.
The IT Acceptable Use Policy sets out the principles and instructions to follow for acceptable and appropriate use of information technology hardware, software, systems, applications, data, facilities, networks, and telecommunications equipment based on information security control objectives and requirements to protect Company’s IT information assets.
The objective of the Change Management Procedure is to ensure the integrity and availability of Company’s information and to prevent damages from uncontrolled changes to all IT and physical infrastructure services that support Company’s systems.