Professional Documents
Culture Documents
Lab 4
Lab 4
Standards:
This policy references technical hardware, software, and configuration standards for IT assets
throughout the seven domains of ABC Credit Union's typical IT infrastructure. These standards
include, but are not limited to, the following:
- Workstation Configuration Standards
- Network Device Configuration Standards
- Server Configuration Standards
- Database Configuration Standards
- Cloud Services Security Standards
- Application Security Standards
- Physical Security and Access Controls Standards
Procedures:
1. Endpoint Devices:
- All workstations, laptops, and smartphones must comply with the Workstation Configuration
Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
endpoint devices.
- Employees are responsible for reporting any security incidents or vulnerabilities to the IT
department.
2. Network Devices:
- All network devices must comply with the Network Device Configuration Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
network devices.
3. Servers:
- All servers must comply with the Server Configuration Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
servers.
4. Database Systems:
- All database systems must comply with the Database Configuration Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
database systems.
5. Cloud Services:
- All cloud services must comply with the Cloud Services Security Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
cloud services.
6. Application Systems:
- All application systems must comply with the Application Security Standards.
- The IT department is responsible for ensuring the proper configuration and security of all
application systems.
7. Physical Security and Access Controls:
- All physical security and access controls must comply with the Physical Security and Access
Controls Standards.
Guidelines
- Information systems security is a shared responsibility among all employees, with defined
roles and responsibilities.
- Employees are responsible for following all policies and procedures related to information
systems security.
- The IT department is responsible for maintaining the technical hardware, software, and
configuration standards for IT assets throughout the seven domains of a typical IT
infrastructure.
- Regular security audits will be performed to ensure compliance with this policy and to
identify any gaps or areas for improvement.
- If an employee identifies a potential security breach or violation of this policy, they must
report it immediately to the IT department.
- Any disputes or misunderstandings regarding the separation of duties should be addressed
through the appropriate channels and with the involvement of HR and senior management if
necessary.
- The policy will be reviewed and updated annually to ensure its effectiveness and to align with
the latest IT security best practices.