Information Security Policy
1. Purpose and Objectives
Ashri Digital Marketing Co. L.L.C (ADMC) recognizes the critical importance of information security. This policy aims to:
Safeguard sensitive data.
Ensure compliance with legal and industry standards.
Foster a security-conscious culture.
2. Authority and Scope
ADMC’s leadership is responsible for enforcing this policy.
It applies to all employees, contractors, and third parties handling ADMC data.
3. Organizational Security Management
Risk Assessment: Regularly assess risks and vulnerabilities.
Access Control: Limit access to authorized personnel.
Incident Response: Define procedures for handling security incidents.
Security Awareness Training: Educate staff on security best practices.
4. Functional Responsibilities
IT Team: Implement security controls, monitor systems, and respond to incidents.
Employees: Adhere to security policies, report incidents, and protect data.
5. Data Protection
Data Classification: Categorize data (public, internal, confidential).
Encryption: Encrypt sensitive data in transit and at rest.
Data Retention: Define retention periods and disposal procedures.
6. Remote Work and BYOD
Remote Access: Secure remote connections using VPNs.
Bring Your Own Device (BYOD): Implement policies for personal devices.
7. Vendor Management
Third-Party Vendors: Assess their security practices.
Contracts: Include security clauses in vendor contracts.
8. Compliance and Auditing
Legal Requirements: Comply with data protection laws.
Regular Audits: Conduct security audits and assessments.
9. Incident Reporting
Reporting: Employees must promptly report security incidents.
Investigation: Investigate incidents and take corrective actions.
10. Policy Review and Updates
Review: Annually review and update this policy.
Communication: Ensure all staff are aware of changes.
11. Network Segregation
Ashri Digital Marketing Co. L.L.C (ADMC) enforces network segregation to protect critical assets.
Protection Measures:
Traffic Rules: Define strict rules for data flow between segments.
Access Controls: Limit access based on roles and responsibilities.
Monitoring: Continuously monitor network traffic for anomalies.
Threat Prevention: Implement firewalls, intrusion detection systems, and encryption.
By combining network segregation and robust protection measures, ADMC ensures a secure and resilient network environment.
12. Anti-Virus Software
Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes endpoint security. This policy ensures the installation and effective use of anti-virus software on all company endpoints.
Installation: All company-owned devices (workstations, laptops, servers) must have approved anti-virus software installed.
Updates: Regularly update anti-virus definitions to protect against emerging threats.
Scans: Conduct scheduled and on-demand scans to detect and remove malware.
Exceptions: Obtain approval for any exceptions to this policy.
IT Team:
Install and configure anti-virus software.
Monitor alerts and respond to threats promptly.
Employees:
Report any suspicious activity or malware alerts.
Avoid disabling or tampering with anti-virus tools.
Non-compliance may result in disciplinary action.
Regular audits will verify adherence to this policy.
Remember, anti-virus protection is a collective effort. Let’s keep our endpoints secure!
12. Daily Operations
Ashri Digital Marketing Co. L.L.C (ADMC) establishes a security baseline to enhance daily operations. This policy covers:
Screen Locking: All devices must auto-lock after a specified idle time.
Password Complexity: Employees must use strong, unique passwords.
Clear-Desk Policy: Workstations should be clear of sensitive information when unattended.
Multi-Factor Authentication (MFA): Enable MFA for critical systems.
Screen Locking:
Set screen lock timeout to 5 minutes.
Require password or biometric authentication to unlock.
Password Complexity:
Minimum 8 characters.
Mix of uppercase, lowercase, numbers, and special characters.
Change passwords every 90 days.
Clear-Desk Policy:
Secure physical documents.
Lock screens or log out when leaving workstations.
MFA:
Enable MFA for email, VPN, and critical applications.
IT Team:
Configure settings.
Monitor compliance.
Employees:
Follow guidelines.
Report violations promptly.
Regular audits ensure adherence.
Non-compliance may result in disciplinary action.
Remember, security starts with consistent practices. Let’s protect ADMC’s assets and data!
13. Access Control
Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes secure access to systems and data. This policy ensures:
Least Privilege: Users have the minimum necessary access rights.
Data Protection: Personal data access is restricted.
Least Privilege:
Assign access rights based on job roles.
Regularly review and adjust permissions.
Limit administrative access to essential personnel.
Data Access:
Personal data access restricted to authorized users.
Multi-factor authentication (MFA) for critical systems.
Audit logs for access monitoring.
IT Team:
Enforce access controls.
Monitor user access.
Employees:
Adhere to access policies.
Report any violations.
Regular audits ensure adherence.
Non-compliance may result in disciplinary action.
Remember, secure access protects both our organization and personal data. Let’s follow the principle of least privilege!
14. Data Classification and Encryption
Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes data security. This policy ensures:
Data Classification: Categorize data (public, internal, confidential).
Encryption:
In-Transit: Encrypt data during transmission using secure protocols (e.g., TLS).
At-Rest: Encrypt sensitive data stored on servers, databases, and devices.
Data Classification:
Define data sensitivity levels.
Label data accordingly (e.g., public, internal, confidential).
Encryption:
In-Transit:
Use TLS for communication between servers and clients.
Ensure strong cipher suites (e.g., AES-256).
At-Rest:
Encrypt databases, backups, and storage.
Use robust encryption algorithms (e.g., AES).
IT Team:
Implement encryption protocols.
Monitor compliance.
Employees:
Handle data according to its classification.
Report any security incidents.
Regular audits verify adherence.
Non-compliance may result in disciplinary action.
Remember, data security is everyone’s responsibility. Let’s protect ADMC’s assets and maintain client trust!