Information Security policy

1. Purpose and Objectives

Ashri Digital Marketing Co. L.L.C (ADMC) recognizes the critical importance of information security. This policy aims to:

• Safeguard sensitive data.

• Ensure compliance with legal and industry standards.

• Foster a security-conscious culture.

2. Authority and Scope

• ADMC’s leadership is responsible for enforcing this policy.

• It applies to all employees, contractors, and third parties handling ADMC data.

3. Organizational Security Management

• Risk Assessment: Regularly assess risks and vulnerabilities.

• Access Control: Limit access to authorized personnel.

• Incident Response: Define procedures for handling security incidents.

• Security Awareness Training: Educate staff on security best practices.

4. Functional Responsibilities

• IT Team: Implement security controls, monitor systems, and respond to incidents.

• Employees: Adhere to security policies, report incidents, and protect data.

5. Data Protection

• Data Classification: Categorize data (public, internal, confidential).

• Encryption: Encrypt sensitive data in transit and at rest.

• Data Retention: Define retention periods and disposal procedures.

6. Remote Work and BYOD

• Remote Access: Secure remote connections using VPNs.

• Bring Your Own Device (BYOD): Implement policies for personal devices.

7. Vendor Management

• Third-Party Vendors: Assess their security practices.

• Contracts: Include security clauses in vendor contracts.

8. Compliance and Auditing

• Legal Requirements: Comply with data protection laws.

• Regular Audits: Conduct security audits and assessments.

9. Incident Reporting

• Reporting: Employees must promptly report security incidents.

• Investigation: Investigate incidents and take corrective actions.

10. Policy Review and Updates

• Review: Annually review and update this policy.

• Communication: Ensure all staff are aware of changes

11. Network Segregation

Ashri Digital Marketing Co. L.L.C (ADMC) enforces network segregation to protect critical assets.

• Protection Measures:

  • Traffic Rules: Define strict rules for data flow between segments.

  • Access Controls: Limit access based on roles and responsibilities.

  • Monitoring: Continuously monitor network traffic for anomalies.

  • Threat Prevention: Implement firewalls, intrusion detection systems, and encryption.

By combining network segregation and robust protection measures, ADMC ensures a secure and resilient network environment.

12. Anti Virus Software

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes endpoint security. This policy ensures the installation and effective use of anti-virus software on all company endpoints.

• Installation: All company-owned devices (workstations, laptops, servers) must have approved anti-virus software installed.

• Updates: Regularly update anti-virus definitions to protect against emerging threats.

• Scans: Conduct scheduled and on-demand scans to detect and remove malware.

• Exceptions: Obtain approval for any exceptions to this policy.

• IT Team:

  • Install and configure anti-virus software.

  • Monitor alerts and respond to threats promptly.

• Employees:

  • Report any suspicious activity or malware alerts.

  • Avoid disabling or tampering with anti-virus tools.

• Non-compliance may result in disciplinary action.

• Regular audits will verify adherence to this policy.

Remember, anti-virus protection is a collective effort. Let’s keep our endpoints secure!

12. Daily Operations:

Ashri Digital Marketing Co. L.L.C (ADMC) establishes a security baseline to enhance daily operations. This policy covers:

• Screen Locking: All devices must auto-lock after a specified idle time.

• Password Complexity: Employees must use strong, unique passwords.

• Clear-Desk Policy: Workstations should be clear of sensitive information when unattended.

• Multi-Factor Authentication (MFA): Enable MFA for critical systems.

• Screen Locking:

  • Set screen lock timeout to 5 minutes.

  • Require password or biometric authentication to unlock.

• Password Complexity:

  • Minimum 8 characters.

  • Mix of uppercase, lowercase, numbers, and special characters.

  • Change passwords every 90 days.

• Clear-Desk Policy:

  • Secure physical documents.

  • Lock screens or log out when leaving workstations.

• MFA:

  • Enable MFA for email, VPN, and critical applications.

• IT Team:

  • Configure settings.

  • Monitor compliance.

• Employees:

  • Follow guidelines.

  • Report violations promptly.

• Regular audits ensure adherence.

• Non-compliance may result in disciplinary action.

Remember, security starts with consistent practices. Let’s protect ADMC’s assets and data!

13. Access Control:

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes secure access to systems and data. This policy ensures:

• Least Privilege: Users have the minimum necessary access rights.

• Data Protection: Personal data access is restricted.

• Least Privilege:

  • Assign access rights based on job roles.

  • Regularly review and adjust permissions.

  • Limit administrative access to essential personnel.

• Data Access:

  • Personal data access restricted to authorized users.

  • Multi-factor authentication (MFA) for critical systems.

  • Audit logs for access monitoring.

• IT Team:

  • Enforce access controls.

  • Monitor user access.

• Employees:

  • Adhere to access policies.

  • Report any violations.

• Regular audits ensure adherence.

• Non-compliance may result in disciplinary action.

Remember, secure access protects both our organization and personal data. Let’s follow the principle of least privilege!

14. Data Classification and Encryption:

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes data security. This policy ensures:

• Data Classification: Categorize data (public, internal, confidential).

• Encryption:

  • In-Transit: Encrypt data during transmission using secure protocols (e.g., TLS).

  • At-Rest: Encrypt sensitive data stored on servers, databases, and devices.

• Data Classification:

  • Define data sensitivity levels.

  • Label data accordingly (e.g., public, internal, confidential).

• Encryption:

  • In-Transit:

    • Use TLS for communication between servers and clients.

    • Ensure strong cipher suites (e.g., AES-256).

  • At-Rest:

    • Encrypt databases, backups, and storage.

    • Use robust encryption algorithms (e.g., AES).

• IT Team:

  • Implement encryption protocols.

  • Monitor compliance.

• Employees:

  • Handle data according to its classification.

  • Report any security incidents.

• Regular audits verify adherence.

• Non-compliance may result in disciplinary action.

Remember, data security is everyone’s responsibility. Let’s protect ADMC’s assets and maintain client trust!