writing the IT policy for JCP bank
LAN Domain
{Introduction}
{Purpose}
{Scope}
{Policies}
Example
The workstation domain includes end-user devices such as desktops, laptops, and mobile devices. There are many considerations for the workstation domain, including DoD requirements and regulations.
Purpose
The purpose of this policy is to identify and implement security controls to help protect information systems resources within the workstation domain.
Scope
The scope of this policy includes all end-user devices used to access any company network or data, including but not limited to: desktops, laptops, and mobile devices. This policy will cover operating systems and locally installed software.
Policies
Antivirus software is required on any device that connects to the DoD network. “The DoD requires Components to implement virus protection such as antivirus tools to prevent and eliminate downloading, installing, and using unauthorized software on DoD networks” (Inspector General, 2016, p. 13).
Operating systems should be kept up-to-date based on the latest DoD recommendations. Workstations are to be hardened by uninstalling unneeded software and drivers, and unneeded services shall be turned off.
Hard drives should be encrypted and all devices protected by multifactor authentication. One report states that “The DoD issued logical access policies, including policies requiring the use of multifactor authentication” (Inspector General, 2016, p. i).
Screen locks shall be enabled on each device to protect devices from unauthorized access. Monitors shall have privacy filters installed to prevent shoulder surfing in susceptible areas.
0 comments