ISP Security Policies and Procedures

Policies:

Our Standards: Information Security Management System

  1. Risk assessment
  2. Security policy
  3. Organization of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Access control
  9. Information systems acquisition, development and maintenance
  10. Information security incident management
  11. Business continuity management
  12. Compliance
     

1. Risk Management

Risk management information systems/services (RMIS) are used to support expert advice and cost-effective information management solutions around key processes such as:

  • Risk identification and assessment
  • Risk control
  • Risk financing
     

2. Security policy:

The information security policy establishes guidelines and standards for accessing the organisation's information and application systems.

DCL's security policies and procedures apply to its employees, customers, contractors, consultants, volunteers and third-party organizations.

DCL reviews its security policy after each quarter.

DCL will have certified security professionals.


3. Organization of Information Security:

The Information Security Policy contains operational policies, standards, guidelines and metrics intended to establish minimum requirements for the secure delivery of any services. Secure service delivery is the assurance of confidentiality, integrity, availability and privacy of government information assets through:

  • Management and business processes that include and enable security processes;
  • Ongoing personnel awareness of security issues;
  • Physical security requirements for information systems;
  • Processes for information technology;
  • Reporting information security events and weaknesses;
  • Creating and maintaining business continuity plans; and,
  • Monitoring for compliance.
     

4. Asset Management:

DCL will help to protect the home and business users who use its services.

The security services that DCL provides also protect the servers that are located at the service provider's premises.

DCL is often called upon to help its customers secure their local networks and workstations to reduce the risk of compromise.

DCL will upgrade the software and hardware required for security whenever it is necessary.

DCL will protect the data of all its customers.


5. Human Resource Security:

DCL ensures that employees, contractors and third-party users understand their responsibilities, and are suitable for the roles for which they are considered, in order to reduce the risk of theft, fraud or misuse of facilities.

Screening consists of background verification checks for all candidates for employment, contractor status, or third-party user status.

DCL monitors the security roles and responsibilities of employees, contractors and third-party users, which should be defined and documented in accordance with the organization's information security policy. Controls include requirements to:

  • act in accordance with the organization's information security policy, including execution of processes or activities particular to the individual's role;
  • protect all information assets from unauthorized access, use, modification, disclosure, destruction or interference;
  • report security events, potential events, or other risks to the organization and its assets; and
  • assign responsibility to the individual for actions taken or, where appropriate, responsibility for actions not taken, consistent with the sanctions policy.

Pre-employment agreements: Where appropriate, employees, contractors and third-party users should be required to sign agreements prior to being given access or other privileges to information or information processing facilities. In addition, they have to sign confidentiality or non-disclosure agreements and/or acceptable use of assets agreements.


6. Physical and Environment Security:

Physical and environmental security addresses the threats, vulnerabilities and countermeasures used to secure an organization’s assets. Physical and environmental security encompasses people, facilities, data, equipment, media and supplies. Physical and environmental security includes administrative controls, physical access controls and environmental protection controls.

DCL will physically protect its facility with security guards, lighting, keys, locks, and monitoring and detection systems.

DCL will provide environmental protection through power protection and conditioning, water protection, fire detection, evacuation, and environmental monitoring and detection.

DCL will comply with regulatory mandates, such as health and fire safety.


7. Communications and operations management

DCL will have a policy for the exchange of information between DCL and its customers, employees, consultants, contractors and third-party organizations.

DCL will have network controller management to monitor activities on the network.

DCL will have protection against malicious attacks.

DCL will have a backup and disaster recovery policy.

DCL will have audit logging to monitor activities.


8. Access control

DCL will follow the methods of Discretionary Access Control, Mandatory Access Control and Role-Based Access Control.

Discretionary Access Control (DAC) is a means of restricting access to information based on the identity of users and/or membership in certain groups. Access decisions are typically based on the authorizations granted to a user based on the credentials presented at the time of authentication (user name, password, hardware/software token, etc.).

Mandatory Access Control (MAC) ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. MAC secures information by assigning sensitivity labels to information and comparing them to the level of sensitivity at which a user is operating.

In Role-Based Access Control (RBAC), access decisions are based on an individual's roles and responsibilities within the organization or user base. The process of defining roles is usually based on analyzing the fundamental goals and structure of an organization and is usually linked to the security policy.


9. Information systems acquisition, development and maintenance

DCL will ensure that information security is considered throughout the lifecycle of any system that holds and processes information assets, from conception and design, through creation and maintenance, to ultimate disposal. This policy outlines the basic requirements and responsibilities to achieve.

Appropriate controls and audit trails are designed into applications to prevent errors, loss and unauthorized modification or misuse of information in application systems. Data input to application systems must be validated to ensure the data is correct. Controls must apply to data types such as names, addresses and reference numbers. Controls must be appropriate and at a minimum be based on a risk assessment.


10. Information security incident management

DCL incident management team provides direction and support to all affected business units. This centralized approach ensures that recovery requirements for affected business units are met while minimizing confusion and duplication of effort.

The incident management team is responsible for managing internal and external communications, directing response and recovery activities, monitoring the recovery progress, and providing or reallocating recovery resources.

The DCL incident management team is composed of executive management, staff support department representatives, and department heads whose departments have been directly affected by the incident.


11. Business Continuity Management:

DCL will develop a business continuity management process to protect your critical business processes during business disruptions, security failures, and disasters.

DCL will make sure that your business continuity management process is used to prevent business disruptions, security failures, and disasters.

DCL will make sure that your business continuity management process is used to recover from business disruptions, security failures, and disasters.

DCL will make sure that your business continuity management process is used to identify and reduce security risks and to ensure that essential operations are restored as quickly as possible.

DCL will make sure that your business continuity management process is used to limit the impact that damaging incidents could have.

DCL will analyze the impact that disasters could have on your critical business processes.

DCL will analyze the impact that security failures could have on critical business processes.

DCL will analyze the impact that a loss of service could have on critical business processes.

DCL will develop contingency plans in order to ensure that critical business processes are restored within a reasonable period of time.


12. Compliance:

DCL uses a comprehensive security policy based on the international standard ISO/IEC 17799:2005.