Posted on 2005-03-02
After performing a Business Risk Analysis related to ICT, our company, HM, encourages its departments or companies to enforce the following 8 policies, as summarized below:
1. Personnel Security Policy: To ensure that a high level of integrity and satisfactory staff conduct is achieved and maintained and to promote an awareness of security matters. Abiding by HM ICT policy should be a condition of employment and security training or awareness sessions be conducted regularly.
2. Information Sensitivity Policy: To specify the information at varying sensitivity levels and adopt adequate protection. Confidential information may necessitate more or less stringent measures of protection depending upon the circumstances and the nature of the HM Confidential information in question.
3. Server Security Policy: To register servers and related hardware within the corporate enterprise management system. To clearly identify the responsible person for backup procedures and maintenance of hardware and operating version. To perform access control to the physically secured location of the server.
4. Data Security Policy: To establish data security controls over computers consistent with the criticalness, confidentiality, and privacy needs of the data processed. To back up critical files on removable media located in a remote site. To perform accurate data entry and ensure integrity of process.
5. Internet Usage Policy: To ensure that employees use the sole Internet link managed by the Security Management Authority for the purpose of HM business only. The standard for properly using company e-mail is like using the official company letterhead or memos. Mass emailing, on-line gaming, browsing of indecent web sites, commerce for personal gain and downloading of music, images for personal use are strictly forbidden.
6. Antivirus Policy: To enable this function on every workstation and server. To use only antivirus technology that has been approved by Harel Mallac & co. ltd.
7. Password Policy: To ensure that users have strong passwords that are changed regularly, at least every month. At no time should a user disclose his password to a third party or insert it into email messages or other forms of electronic communication.
8. Telecom Policy: To ensure that the Departments use Telecom links only to get connected to the HM Group Corporate network. Departments must obtain approval from the Security Management Authority before introducing any new telecom equipment to the HM Group network.
Please provide me with detailed help on how to proceed in building up a Group Policy which will encompass all of the above 8 features.
Also, I'll be using Windows on all platforms; can you provide me a tool which will help me to provide security at the level?