Policy presentation

22
Policy and Procedures of the users account Presentation by : Hani Allehyani Ahmed Alluhaybi

Transcript of Policy presentation

Page 1: Policy presentation

Policy and Procedures of the users account

• Presentation by :

Hani AllehyaniAhmed Alluhaybi

Page 2: Policy presentation

OVERVIEW

1 of 21

Introduction Definition What are kind of police?• Basic Principles :• General Principles : Questions

Page 3: Policy presentation

Introduction

2 of 21

These policies regulate the direct and indirect use of Technology resources across most companies in the world.

The success of any information security program lies in policy development

Page 4: Policy presentation

Definition

3 of 21

The basic principles by which a company is guided.

Page 5: Policy presentation

What are kind of polices?

4 of 21

• There are two kinds of policies • Basic Principles :• General Principles :

Page 6: Policy presentation

Basic Principles

5 of 21

• Every user should have one identity Connect all users description by ID that has 10 number to make easy to research

Page 7: Policy presentation

Basic Principles

6 of 21

• Every user account should be used only by the person who issued to him

Not allow to any user give to another user his username and password so If the user Account is misused, the person to whom the account was issued must take sole responsibility for those actions

Page 8: Policy presentation

Basic Principles

7 of 21

User account or email addresses shall not affect after account retirement and after 12 month

If the user account retire you will lose it after 12 month. There are two main reasons for this policy . Firstly, it is a requirement for our organization membership. Secondly, experience has shown that re-using an account it means still receives lots of private newsletters and messages.

Page 9: Policy presentation

Basic Principles

8 of 21

All accounts must adhere to the principle of least privilege

The level of access to resources granted to all users Account should be commensurate with the privileges required by the owner to do his job

Page 10: Policy presentation

Basic Principles

9 of 21 2

In our organization the password is required to at least meet the following:• At least 8 characters long• Contain at least one upper case letter and at least one lower case letter• Contain at least one number or punctuation character• Not be a dictionary word• Be less than 12 months old

Page 11: Policy presentation

General Principles

10 of 21

semi-user accounts There are some cases in which two users have the same name Mohammed Abdullah Allehyani   M a allehyani or lehyani1

continue

Page 12: Policy presentation

General Principles :

11 of 21

How to create username

A good naming convention makes it easy for users to remember their logon names

continue

Page 13: Policy presentation

General Principles

12 of 21

Signal user accountAll user ids should take the form

Mohammed Abdullah Allehyani   M a lehyani

continue

Page 14: Policy presentation

General Principles

13 of 21

semi-user accounts There are some cases in which two users have the same name Mohammed Abdullah Allehyani   M a allehyani or lehyani1

continue

Page 15: Policy presentation

General Principles

14 of 21

Service accounts Any users have Service Accounts shall have the prefix “svc”, followed by a descriptive name of the service the account relates to it .

The Exchange service account would be:

Page 16: Policy presentation

Procedures of users account

15 of

Account Creation Process: If the individual is not entered into the domain within 60 days after the originally intended start date you will be lost the account .

21

Page 17: Policy presentation

Procedures of users account

16 of

Account Removal Process

HR will regularly notify IT Services of changes in employee status for remove or increase the privileges it related to the status change

21

Page 18: Policy presentation

Procedures of users account

17 of

account is locked

Account locked duration 10 minutes and you will remove the screen to screen saver .If you do not touch or remove (keyboard or mouse ) after this time account is locked .

21

Page 19: Policy presentation

Procedures of users account

18 of

Ports

All ports like CD/DVD ,USB and FLOPY are locked except the ports connect the device like (printer, scanner , barcode……etc.) by using Trend Antiviruses programme

21

Page 20: Policy presentation

Procedures of users account

19 of

Sharing

You should be chosen the username that give him permission for files, folders or drives. Do not use default shares you should be removed

21

Page 21: Policy presentation

Procedures of users account

20 of

Antivirus software

Antivirus software should be updated timely in consultation with System Administrator

21

Page 22: Policy presentation

Procedures of users account

21 of

Partition  Do not give others the opportunity to look over your shoulder if you are working on sensitive data

21