From 2256bb1c2a3bc179e5d4d8aa3aa5b93f069ac36f Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Tue, 28 Jun 2022 12:23:29 +0200 Subject: [PATCH] Update part6.tex --- Lab05/documentation/part6/part6.tex | 34 +++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/Lab05/documentation/part6/part6.tex b/Lab05/documentation/part6/part6.tex index 2982f18..341b923 100644 --- a/Lab05/documentation/part6/part6.tex +++ b/Lab05/documentation/part6/part6.tex 
@@ -1 +1,35 @@ \section{Part 6: Security Policies} + +\subsection{Policy 1: Handling of customer-related data} + +\begin{list}{-}{} + \item Customer-related data may only be stored on the company server. + \item The temporary storage of customer-related data on anything else outside of the company server is not allowed. + \item Customer-related date must be confidential. It cannot be share with anybody without the permission of the customer. + \item Every customer needs to sign Form 4B before storing of any Data in the system will take place. + \item After a 6 Month storage period all customer-related data must be deleted. Backups may hold the data for no longer then 12 Months. + \item The Client DB is only accessable over the company network. + \item All Communication to the Client DB must be encryped. +\end{list} + +\subsection{Policy 1: Implementation} + +New Customer -> Signing of Form 4B -> customer-related data is entered in the system and processed -> after 6 months it is deleted -> backups will continue to hold data for 6 more months + +\subsection{Policy 2: Access to Production site / Building Security} + +\begin{list}{-}{} + \item The front desk is to be staffed 24/7. The staff has to effectively control the entrance to the company premises. + \item Camera monitoring for selected areas must be provided. The records must be archived for 21 days. + \item Loss of keys must be reported immediately to the factory protection (tel.: +49 XXX). + \item Company ID cards and keys may not be passed on or exchanged between employees. + \item The control of these directives is the responsibility of the plant protection team. A check of the perimeter takes place at least twice a day (walking the fence). + \item Access may only permitted if the employee has access to the specific area. + \item Employees need to carry their ID card at any time. + \item Before acces to premises employee needs to sign Form 3C. + \item ID cards need to be visible at all time. 
+\end{list} + +\subsection{Policy 1: Implementation} + +New Employee -> Backround Check -> Hire Employee -> IT processes new ID Card -> Employee signs form 3C -> User Account will be created -> Access to restricted area
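Review bot: The last added subsection, the one following the Policy 2 list, is titled `\subsection{Policy 1: Implementation}` but describes the employee onboarding flow, so it should read `\subsection{Policy 2: Implementation}`; as written the document has two identically named subsections. In the Policy 2 flow, "Employee signs form 3C" comes after "IT processes new ID Card", while the policy item requires Form 3C "Before acces to premises"; consider stating explicitly that the card is not handed over or activated until the form is signed. In the Policy 1 list, "It cannot be share with anybody without the permission of the customer" does not say what form that permission takes or where it is recorded, and "All Communication to the Client DB must be encryped" names no minimum standard, so neither item can be audited as written. Several typos in the added lines should be fixed before merge: "Customer-related date" (data), "be share" (shared), "no longer then" (than), "accessable", "encryped", "Access may only permitted" (may only be permitted), "acces", "Backround". The two implementation lines use a bare `->` in text mode; `$\rightarrow$` would typeset as an arrow.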