Information Security Policy

1. Purpose and Objectives

Ashri Digital Marketing Co. L.L.C (ADMC) recognizes the critical importance of information security. This policy aims to:

  • Safeguard sensitive data.

  • Ensure compliance with legal and industry standards.

  • Foster a security-conscious culture.

2. Authority and Scope

  • ADMC’s leadership is responsible for enforcing this policy.

  • It applies to all employees, contractors, and third parties handling ADMC data.

3. Organizational Security Management

  • Risk Assessment: Regularly assess risks and vulnerabilities.

  • Access Control: Limit access to authorized personnel.

  • Incident Response: Define procedures for handling security incidents.

  • Security Awareness Training: Educate staff on security best practices.

4. Functional Responsibilities

  • IT Team: Implement security controls, monitor systems, and respond to incidents.

  • Employees: Adhere to security policies, report incidents, and protect data.

5. Data Protection

  • Data Classification: Categorize data (public, internal, confidential).

  • Encryption: Encrypt sensitive data in transit and at rest.

  • Data Retention: Define retention periods and disposal procedures.

6. Remote Work and BYOD

  • Remote Access: Secure remote connections using VPNs.

  • Bring Your Own Device (BYOD): Implement policies for personal devices.

7. Vendor Management

  • Third-Party Vendors: Assess their security practices.

  • Contracts: Include security clauses in vendor contracts.

8. Compliance and Auditing

  • Legal Requirements: Comply with data protection laws.

  • Regular Audits: Conduct security audits and assessments.

9. Incident Reporting

  • Reporting: Employees must promptly report security incidents.

  • Investigation: Investigate incidents and take corrective actions.

10. Policy Review and Updates

  • Review: Annually review and update this policy.

  • Communication: Ensure all staff are aware of changes.

11. Network Segregation

Ashri Digital Marketing Co. L.L.C (ADMC) enforces network segregation to protect critical assets.

  • Protection Measures:

    • Traffic Rules: Define strict rules for data flow between segments.

    • Access Controls: Limit access based on roles and responsibilities.

    • Monitoring: Continuously monitor network traffic for anomalies.

    • Threat Prevention: Implement firewalls, intrusion detection systems, and encryption.

By combining network segregation and robust protection measures, ADMC ensures a secure and resilient network environment.

12. Anti-Virus Software

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes endpoint security. This policy ensures the installation and effective use of anti-virus software on all company endpoints.

  • Installation: All company-owned devices (workstations, laptops, servers) must have approved anti-virus software installed.

  • Updates: Regularly update anti-virus definitions to protect against emerging threats.

  • Scans: Conduct scheduled and on-demand scans to detect and remove malware.

  • Exceptions: Obtain approval for any exceptions to this policy.

  • IT Team:

    • Install and configure anti-virus software.

    • Monitor alerts and respond to threats promptly.

  • Employees:

    • Report any suspicious activity or malware alerts.

    • Avoid disabling or tampering with anti-virus tools.

  • Non-compliance may result in disciplinary action.

  • Regular audits will verify adherence to this policy.

Remember, anti-virus protection is a collective effort. Let’s keep our endpoints secure!

12. Daily Operations

Ashri Digital Marketing Co. L.L.C (ADMC) establishes a security baseline to enhance daily operations. This policy covers:

  • Screen Locking: All devices must auto-lock after a specified idle time.

  • Password Complexity: Employees must use strong, unique passwords.

  • Clear-Desk Policy: Workstations should be clear of sensitive information when unattended.

  • Multi-Factor Authentication (MFA): Enable MFA for critical systems.

  • Screen Locking:

    • Set screen lock timeout to 5 minutes.

    • Require password or biometric authentication to unlock.

  • Password Complexity:

    • Minimum 8 characters.

    • Mix of uppercase, lowercase, numbers, and special characters.

    • Change passwords every 90 days.

  • Clear-Desk Policy:

    • Secure physical documents.

    • Lock screens or log out when leaving workstations.

  • MFA:

    • Enable MFA for email, VPN, and critical applications.

  • IT Team:

    • Configure settings.

    • Monitor compliance.

  • Employees:

    • Follow guidelines.

    • Report violations promptly.

  • Regular audits ensure adherence.

  • Non-compliance may result in disciplinary action.

Remember, security starts with consistent practices. Let’s protect ADMC’s assets and data!

13. Access Control

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes secure access to systems and data. This policy ensures:

  • Least Privilege: Users have the minimum necessary access rights.

  • Data Protection: Personal data access is restricted.

  • Least Privilege:

    • Assign access rights based on job roles.

    • Regularly review and adjust permissions.

    • Limit administrative access to essential personnel.

  • Data Access:

    • Personal data access restricted to authorized users.

    • Multi-factor authentication (MFA) for critical systems.

    • Audit logs for access monitoring.

  • IT Team:

    • Enforce access controls.

    • Monitor user access.

  • Employees:

    • Adhere to access policies.

    • Report any violations.

  • Regular audits ensure adherence.

  • Non-compliance may result in disciplinary action.

Remember, secure access protects both our organization and personal data. Let’s follow the principle of least privilege!

14. Data Classification and Encryption

Ashri Digital Marketing Co. L.L.C (ADMC) prioritizes data security. This policy ensures:

  • Data Classification: Categorize data (public, internal, confidential).

  • Encryption:

    • In-Transit: Encrypt data during transmission using secure protocols (e.g., TLS).

    • At-Rest: Encrypt sensitive data stored on servers, databases, and devices.

  • Data Classification:

    • Define data sensitivity levels.

    • Label data accordingly (e.g., public, internal, confidential).

  • Encryption:

    • In-Transit:

      • Use TLS for communication between servers and clients.

      • Ensure strong cipher suites (e.g., suites using AES-256).

    • At-Rest:

      • Encrypt databases, backups, and storage.

      • Use robust encryption algorithms (e.g., AES).

  • IT Team:

    • Implement encryption protocols.

    • Monitor compliance.

  • Employees:

    • Handle data according to its classification.

    • Report any security incidents.

  • Regular audits verify adherence.

  • Non-compliance may result in disciplinary action.

Remember, data security is everyone’s responsibility. Let’s protect ADMC’s assets and maintain client trust!