This policy shall be reviewed by relevant stakeholders, who shall send feedback, and shall be approved by the relevant Decision Makers, with the final approval of the Legal Department, for implementation.

Furthermore, please check the latest BSP MORB guidelines and requirements to confirm the policies and procedures stated herein.

Introduction:

This policy outlines the measures to protect the integrity and confidentiality of the organization's network resources, including firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs). This policy is intended to ensure the confidentiality, integrity, and availability of IT systems and resources by securing the organization's network infrastructure.

Scope: This policy applies to all employees, contractors, and other individuals who are responsible for the operation and maintenance of the organization's network infrastructure, including but not limited to: servers, routers, switches, and other network devices.

Policy:

  1. Firewall:

  • The organization must have a firewall in place to protect the network from unauthorized access.

  • The firewall must be configured to deny all incoming traffic, except for traffic that is explicitly allowed.

  • The firewall must be configured to log all denied traffic.

  2. Intrusion detection and prevention systems:

  • The organization must have intrusion detection and prevention systems in place to detect and prevent unauthorized access to the network.

  • The intrusion detection and prevention systems must be configured to alert the IT department of any suspicious activity.

  • The intrusion detection and prevention systems must be updated and maintained on a regular basis.

  3. Virtual private networks (VPNs):

  • The organization must have a VPN in place to secure remote access to the network.

  • The VPN must use strong encryption algorithms to protect data in transit.

  • The VPN must be configured to authenticate users before allowing access to the network.

  4. Network segmentation:

  • The organization must segment the network to limit the scope of damage caused by a security incident.

  • The organization must restrict access to sensitive information to only authorized personnel.

  • The organization must implement network access controls to restrict access to specific network resources.

Implementation:

  • The IT department is responsible for the implementation and enforcement of this policy.

  • The IT department must establish a process for configuring and maintaining the firewall, intrusion detection and prevention systems, and VPN.

  • The IT department must conduct regular audits to ensure compliance with this policy.

Enforcement:

  • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.

  • Any suspected violations of this policy must be reported to the IT department immediately.