Information Security Management System

Information Security Management Systems.

ISMS Management Policy - Statement encompassing Information Security and Procedures of CESD electronic assets.

| Cyber Security Procedures | Description | Target Audience |
| --- | --- | --- |
| Cyber Incident Response | Who needs to be involved in a Cyber Incident / Attack | Dept Heads / Superintendents |
| Cyber Incident Response Categories | Responses to different types of attack | Technology Services |
| Ransomware Attack Playbook | Response to Ransomware attack | Technology Services |
| Denial of Service Playbook | Response to DOS attack | Technology Services |
| Malware Playbook | Response to Malware Infection | Technology Services |
| Third-Party Incident Response Playbook | Third-Party Incident Response Playbook | Technology Services / Department Heads |
| SAAS Security Requirements | Software as a service requirements. | Department Heads |
| Security Risk Management | Identify, Assess and Mitigate risk | Department Heads / Superintendents |

| ISMS Procedures | Description | Target Audience |
| --- | --- | --- |
| Backup and restore | Who should back up data, where they should store it, and how. | All users |
| Clock Synchronization | Technical details about how the date and time are managed across the Division’s networked devices. | Technology Services |
| Data Protection | How to protect our digital assets and protect our staff and students by avoiding data loss. | All users |
| Due Diligence | Tough but necessary questions to ask vendors when entering into agreements involving CESD Information. | Department Heads |
| Information Security Roles and Responsibilities | Data has an owner, a custodian and a user. This outlines the roles and responsibilities. | All users |
| Information sensitivity | How information is classified, i.e. Public, Confidential, Private. | All users |
| IT Access Procedure | How access to Information is determined for users. | All users |
| Media Disposal | The safe disposal of old hard drives from computers and copiers, including external media and devices. | All users |
| Mobile Computing and Communications | The safe and responsible use of Mobile computing devices. | All users |
| OS Patch Management | Procedures to ensure computing systems are protected by using the latest security patches and upgrades. | Technology Services |
| Password Protection | Best Practices and controls for password creation | All users |
| Personal Devices and Voicemail | Ensuring Communication and voicemail are being used effectively, securely and safely. | All users |
| Removable Media | What can be stored on removable media and how to prevent the spread of infections. | All users |
| Responsibilities and Process - Security Incidents | How to deal with security breaches and who needs to be involved. | All users |
| Secure Logon - Technical | Technical requirements to configure Logons | Technology Services |
| Secure Logon to Operating systems | New and departing user access and monitoring access | All users |
| Secure Transfer of Information | Details about sending confidential and private information to external parties. | All users |
| Server Malware | Which Server systems MUST have Anti-virus and anti-spyware software. | Technology Services |
| Server Security | Security requirements for configuring and controlling CESD servers. | Technology Services |
| Technical Compliance | Ensuring Technical compliance and testing of Network systems across networks. | Technology Services |
| Third Party Information Security | Expectations of Third parties accessing or holding CESD information. | Department Heads |
| Unattended User equipment | Expectations around unattended and unlocked computing devices | Technology Services |
| Visitor IT Access | Requirements for visitors accessing CESD data and information | All users |