Siskiyou Central Credit Union
Procedures
INFORMATION SECURITY PROCEDURES
• Core Data Processing System
o Our core system resides on an IBM i5 server, is hosted by CMC Flex,
and is located at the Yreka main office. This system can be accessed in
two formats: IBM’s Client Access software and CMC Flex’s new Java
interface known as JUICE.
• Core Data Process Server Updates
o Updates or patches to the core system are supplied by CMC Flex via C/D
or FTP (File Transfer Protocol); these may include IBM’s PTF or direct
download patches. Direct downloads are sent to the server via FTP from
CMC Flex; this may include version updates, fixes for open service
requests, or service call fixes approved by the Information Security Officer.
o JUICE fixes are sent in scheduled deployments; these are scheduled for
the third week of each month on Thursday after EOD is processed. The
Information Security Officer receives an e-mail and/or a phone call to
confirm and notify the credit union of each deployment.
• Core Data Process Server Maintenance
o Maintenance on our i5 server is performed quarterly. Verify that
distribution queue retentions are checked prior to any purging; this is
outlined in our I5 quarterly cleanup procedure. This includes purging old
data, i.e.: review and clean wrkoutq, purge credit reports, purge audio
history, purge Flex Teller history, purge AP history, purge closed
accounts, purge share, and archived purged accounts.
• Core Data Process Server Backups
o A complete system backup is performed prior to quarterly purging, so that
any data purged can be recovered, and then another complete system
backup is performed once the cleanup process is completed. Daily,
weekly and monthly backups are performed; please refer to our End of
Day, End of Month and Disaster Recovery Procedures.
12/11/2009 Rev. 03/2012
• Core Data Process Server Monitoring / Logs
o System job logs are reviewed by the Information Security Officer to
identify any system changes or modifications. Any job logs that show
changes to the core system will be retained to identify the system changes
and to ensure these were approved.
• Use of Voicemail, Electronic Mail and the Internet
o Company Access To Voice And Computer Communications
o While the Credit Union voicemail and computer (e-mail) systems are
provided for business purposes, the Credit Union recognizes that employees may make
incidental use of these systems for personal messages. These messages
will be treated no differently than written business messages, and may be
accessed by the Credit Union for a variety of reasons. Please be clear
that anything you send, receive, or store on any Credit Union-provided
system may be read, listened to, or copied. The best guideline is: if you
don’t want management to see it or hear it, don’t use the Credit Union
equipment to write it, receive it, send it, or store it.
o Password Control
o Employee password best practice is reviewed annually (see SCCU Security
Training Program).
o The System Manager/IT Specialist maintains a record of the following
passwords:
    o Internet
    o E-mail
    o Intranet
    o Telephone voicemail
    o Vacation calendar
    o Personnel evaluation program
    o Employee time clock program
    o Kelley Blue Book
o You are not permitted to use any password except your own to gain
access to any password protected program.
o Obligation To Protect Confidential Information
o In using all electronic communication systems, you are required to protect
the integrity of the Credit Union’s proprietary and confidential business
information and confidential information relating to the Credit Union
employees. Because electronic systems are not private and use of these
systems creates documents and recordings that may be easily distributed
to individuals other than the intended reader, you must exercise caution
when you use voicemail or e-mail to transmit Credit Union trade secrets or
other confidential information.
o Restrictions On Use Of Electronic Systems
o Like other Company assets, the Credit Union’s voicemail, e-mail and
Internet systems may be used only in a responsible and lawful manner.
The following policies apply to all use of these systems:
o These systems may not be used to send any communication that may
reasonably be perceived as discriminatory, harassing, offensive, or
disruptive.
o They may not be used to send communications or material that defames
or disparages an individual, Credit Union, or business.
o They may not be used to conduct personal business. Solicitations, offers
to buy and sell goods or services, and other personal messages to groups
are not an appropriate use of these systems.
o You must not make any copies of the Credit Union’s computer software or
computer files except for backup purposes. You must not give software to
any other person.
o Loading of any unauthorized personal software is not allowed.
• Network
o Changes to any part of the credit union network must be documented and
approved by the Information Security Officer; this includes, but is not
limited to, configuration changes to any device and adding or removing any
type of device to or from the network. Wireless network devices are not
allowed on the credit union internal network.
• Network / Wireless Access Control
o The credit union has all devices assigned a static IP address; DHCP
(Dynamic Host Configuration Protocol) is not enabled on the internal
network. The use of DHCP is set up on the credit union’s Linksys Firewall.
The credit union uses a Linksys wireless router / firewall in conjunction
with its Linksys firewall to be used for internet access only and in no way
tied to the internal credit union network; this access is locked and
encrypted with a 128 encryption key. The Information Security Officer
manages the encryption key. This access is for internal use only to allow
auditors or other vendors that may need temporary internet access as well
as Board Of Directors Meeting and Training Webinars. If a cabled
connection is needed, the Information Security Officer or assigned will
locate the Ethernet port needed for internet access and redirect this cable
to the Firewall’s DHCP port; this will not allow access to the credit
union’s network, but will allow the use of the internet.
• Network Anti Virus/Spyware
o The Fortinet Firewall and Cymphonix web content filtering devices
support antivirus and spyware content blocking; these units update virus
and spyware definitions daily.
• Network Monitoring/Alerts/Report/Logs
o The credit union internal network is monitored and protected by several
devices: Fortinet Firewall, Cymphonix web content filtering device, an
Intrusion Detection System (IDS) known as Snort, and Spiceworks, a
network monitor that supports network inventory management as well as a
helpdesk to manage network concerns.
o Our Firewall is managed by CMC Flex; the credit union receives monthly
reports of all firewall activities, and these are reviewed and logged by the
Information Security Officer. The Cymphonix device, IDS system and
Spiceworks are accessed through the local Intranet; the Information
Security Officer manages access to this device. Any changes or
modifications to these systems must be approved by the Information
Security Officer; all logs are reviewed to ensure the integrity of the system.
Reports and alerts are e-mailed to the Information Security Officer through
the Cymphonix web content filtering devices, IDS system and Spiceworks
automatically per the policies set up within the reporting / monitoring
properties.
• Personal Computers Access Control
o All credit union PCs are password protected; each account established
must be set up with a password. All accounts must have a log out time
period enabled and set to no longer than 15 minutes with password set
on resume.
• Personal Computers Maintenance
o Maintenance is performed by the Information Security Officer weekly on all
PCs on Wednesdays and Thursdays; this includes:

    o Disk cleanup, which includes deleting downloaded program files,
      offline web pages, recycle bin, temporary files, and web client/
      published temporary files.
    o Windows operating system updates and security patches, revision
      updates and service pack releases. (Note: Revision updates and
      Service Packs will not be installed on production machines until
      they have been tested to ensure compatibility of third party vendor
      software.)
    o Third party software such as Microsoft Office, Adobe, etc. will be
      checked for updates and security patches weekly.
    o Defragmentation of the hard drives is performed monthly, unless
      new hardware or software programs are installed; then a
      defragmentation will be performed after modifications of the PC are
      completed.
• Personal Computers Anti Virus / Spyware
o All credit union PCs are protected with Symantec Endpoint Protection
11.0. All PCs are monitored by the Symantec Endpoint Protection server;
updates are pushed out from the server 24/7 to all PCs on the network.
The Information Security Officer monitors system performance and
reviews logs daily to ensure the virus and spyware system is operating
properly.
If a credit union laptop PC is taken off of the local network, the antivirus
program is configured to receive updates via the internet to ensure virus
definitions are up to date.
• Personal Computers Monitoring
o All PCs are monitored by our Spiceworks system; any modifications or
changes made to any PC on the local network will be logged, and the
Information Security Officer will be notified via e-mail of any changes
made to any machine; this includes any automated updates.
• Personal Computers Backups
o Backups of personal files are performed monthly on all workstation PCs.
o Critical PC systems such as the Symantec antivirus server, time forced
data, wisdom data and website data files are backed up weekly. JMFA Server
is backed up daily.
o All data is backed up to a remote drive located in the server room on
PC31 Drive F running RAID for redundancy.
• Personal Computer Software
o Any software modifications or installations must be approved by the
Information Security Officer prior to being installed or updated.
• Firewall / Routers
o The credit union firewall is maintained by CMC Flex; all configuration
files are backed up to CMC Flex’s hardware department, and the credit
union’s Information Security Officer keeps an onsite copy of the file.
Internet Router, MPLS Routers and lines are managed and monitored by AT&T,
with backup modem and e-mail notification sent to the credit union if any
problem occurs.