Network Security or Firewall Policy

ARGOTE, LADRON DE GUEVARA & ASOCIADOS

S. CIVIL De R.L.
Purpose: The purpose of this policy is to define the guidelines for the management and use of
the network security infrastructure and firewall devices at ARGOTE, LADRON DE GUEVARA &
ASOCIADOS S. CIVIL DE R.L. This policy aims to provide protection against unauthorized access
and ensure the confidentiality, integrity, and availability of the network infrastructure.

Scope: This policy applies to all employees, contractors, and third-party vendors who have
access to ARGOTE, LADRON DE GUEVARA & ASOCIADOS S. CIVIL DE R.L.'s network infrastructure
and information systems.

Policy:

Firewall Configuration 1.1. The network security infrastructure must include firewall devices that
are configured according to industry standards and best practices. 1.2. All incoming and
outgoing network traffic must pass through the firewall devices, and no direct connections from
external networks to internal systems will be allowed. 1.3. The firewall devices must be
configured to block all unauthorized access attempts and network traffic that violates the
organization's security policies.

Firewall Rules 2.1. Firewall rules must be documented, reviewed, and approved by the
Information Security Officer (ISO) on a regular basis. 2.2. Firewall rules must be reviewed and
updated whenever there is a change in the network infrastructure or business requirements.
2.3. Firewall rules must be configured to restrict access to only those network services required
for business operations.

Network Security Monitoring 3.1. Network security devices, including firewall devices, must be
monitored on an ongoing basis to identify any suspicious or unauthorized activity. 3.2. Logs
generated by the firewall devices must be stored and analyzed on a regular basis to detect any
potential security incidents. 3.3. Any security incidents detected by the network security
infrastructure must be reported to the ISO immediately.

Network Access Control 4.1. Access to the network infrastructure must be controlled using
strong authentication mechanisms, such as passwords, smart cards, or biometric systems. 4.2.
Access to the network infrastructure must be restricted to only those users who require it for
business operations. 4.3. Access to the network infrastructure must be terminated immediately
upon the termination of an employee, contractor, or third-party vendor.

Firewall and Network Security Testing 5.1. The firewall devices and network security
infrastructure must be tested on a regular basis to ensure that they are functioning correctly
and according to industry standards. 5.2. Firewall and network security testing must be
conducted by qualified professionals, either in-house or through a third-party vendor. 5.3.
Testing must include vulnerability scanning, penetration testing, and other security assessments
as required.
Enforcement: Any employee, contractor, or third-party vendor found to have violated this policy
may be subject to disciplinary action, up to and including termination of employment or
contract. Non-compliance with this policy may also result in the revocation of network access
privileges or legal action against the individual or organization responsible.

Review and Revision: This policy will be reviewed annually or whenever there is a significant
change to the network infrastructure or business operations. Any changes to this policy must be
approved by the ISO and communicated to all employees, contractors, and third-party vendors
who have access to the network infrastructure.