Access Controls

Purpose

This policy establishes guidelines for the Zeta Alpha information technology security department on strengthening asset operability, security, and integration, and on developing a framework for categorizing systems and data based on their sensitivity, value, and interoperability. Technology areas include, but are not limited to, data categorization, data management, communications, and encryption. In addition, the policy covers Zeta Alpha information and information systems that are utilized, administered, or controlled on behalf of the organization by a contractor, agency, or other entity.

Responsibilities

All covered personnel, including third-party agents who utilize Zeta Alpha resources, are responsible for adhering to this policy and the access control requirements. In addition, employees who use the organization’s network remotely must follow the organization’s security rules and procedures to secure Zeta Alpha’s equipment, data, and network access, just as they would if they were working on-site.

Administration: Responsibilities include ensuring that proper administrative and technical privacy safeguards are in place and working effectively, in addition to education about access controls and duties.
Information Security Department: Warrants the confidentiality, integrity, and availability of information and information systems by preventing unauthorized access, utilization, disclosure, interruption, alteration, or destruction.
Covered Personnel: All covered staff must understand security responsibilities. In addition, they must possess the necessary skills and experience to guarantee the performance of their assigned duties and ensure they effectively reduce the risk of facility theft, fraud, or abuse, as well as unauthorized access, use, or alteration of information technology resources.
Third Parties: Third-party service providers are responsible for ensuring that Zeta Alpha’s information technology systems and applications conform with this policy and that all applicable information technology rules and standards are followed.

Architecture and addressing of the network

To ensure that all data flows to and from the human resource department, financing, and other management support systems are protected, those systems must be physically partitioned from the rest of the network.

Network name services must be configured to deliver nonproprietary names to unwanted external users attempting to access Zeta Alpha’s system while providing meaningful names to the internal users.

Each system and network device should have a unique network address pre-loaded or determined during network authentication. The security of network address servers and the devices that utilize them to determine addresses must follow industry standards.

Procedures must be rewritten to describe any internal network reconfiguration, including changes to internal or external access points.

Access Controls for the Internet

The network access control policy will define the security measures implemented for Zeta Alpha’s network gateways. Gateways are access points that enable data to transfer between the organization’s internal network and external networks.

  • A centralized authentication system will safeguard all telephone network access. 
  • Modems shall not provide both dial-in and dial-out functionality. 
  • Only the network administrator may access modem services. 
  • Users shall not install modems on the network without authorization.

Authentication of applications that utilize gateway services is required. If the legitimacy of this service is unverifiable, services delivered through the gateway must adhere to the authentication standards stated in this specification.

 
