HS-Esslingen/swb6-it-sec
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-10-30. You can view files and clone it, but cannot push or open issues or pull requests.
swb6-it-sec/Lab05/documentation/part6/part6.tex

36 lines
2.2 KiB
TeX
Raw Normal View History

init lab5
2022-06-16 12:46:50 +02:00
\section{Part 6: Security Policies}
Update part6.tex
2022-06-28 12:23:29 +02:00
\subsection{Policy 1: Handling of customer-related data}
\begin{list}{-}{}
\item Customer-related data may only be stored on the company server.
\item The temporary storage of customer-related data on anything else outside of the company server is not allowed.
\item Customer-related date must be confidential. It cannot be share with anybody without the permission of the customer.
\item Every customer needs to sign Form 4B before storing of any Data in the system will take place.
\item After a 6 Month storage period all customer-related data must be deleted. Backups may hold the data for no longer then 12 Months.
\item The Client DB is only accessable over the company network.
\item All Communication to the Client DB must be encryped.
\end{list}
\subsection{Policy 1: Implementation}
New Customer -> Signing of Form 4B -> customer-related data is entered in the system and processed -> after 6 months it is deleted -> backups will continue to hold data for 6 more months
\subsection{Policy 2: Access to Production site / Building Security}
\begin{list}{-}{}
\item The front desk is to be staffed 24/7. The staff has to effectively control the entrance to the company premises.
\item Camera monitoring for selected areas must be provided. The records must be archived for 21 days.
\item Loss of keys must be reported immediately to the factory protection (tel.: +49 XXX).
\item Company ID cards and keys may not be passed on or exchanged between employees.
\item The control of these directives is the responsibility of the plant protection team. A check of the perimeter takes place at least twice a day (walking the fence).
\item Access may only permitted if the employee has access to the specific area.
\item Employees need to carry their ID card at any time.
\item Before acces to premises employee needs to sign Form 3C.
\item ID cards need to be visible at all time.
\end{list}
\subsection{Policy 1: Implementation}
New Employee -> Backround Check -> Hire Employee -> IT processes new ID Card -> Employee signs form 3C -> User Account will be created -> Access to restricted area
Reference in a new issue Copy permalink