Information Security Management System

Information Security Management Systems.

ISMS Management Policy -  Statement encompassing Information Security and Procedures of CESD electronic assets.

 

Procedure Title

Description

Target Audience

Backup and restore

Who should backup data , where they should store it and  how.

All users

Clock Synchronization

Technical details about how the date and time are managed across the Division’s networked devices.

Technology Services

Data Protection

How to protect our digital assets and protect our staff and students by avoiding data loss.

All users

Due Diligence

Tough but necessary questions to ask vendors when entering into agreements involving CESD Information.

Department Heads

Information Security Roles and Responsibilities

Data has an owner, a custodian and a user. This outlines the roles and responsibilities.

All users

Information sensitivity

How information is classified. I.e.

Public, Confidential, Private

All users

IT Access Procedure 

How access to Information is determined for users.

All users

Media Disposal 

The safe disposal of old hard drives from computers and copiers. Including external media and devices.

All users

Mobile Computing and Communications

The safe and responsible use of Mobile computing devices.

All users

OS Patch Management

Procedures to ensure computing systems are protected by using the latest security patches and upgrades.

Technology Services

Password Protection

Best Practices and controls for password creation

All users

Personal Devices and Voicemail

Ensuring Communication and voicemail is being used effectively, securely and safely.

All users

Removable Media

What can be stored on removable media and how to prevent spread of infections.

All users

Responsibilities and Process - Security Incidents

How to deal with security breaches and who needs to be involved.

All users

Secure Logon - Technical

Technical requirements to configure Logons

Technology Services

Secure Logon to Operating systems

New and parting user access and monitoring access

All users

Secure Transfer of Information

Details about sending confidential and private information to external parties.

All users

Server Malware

Which Server systems MUST have Anti-virus and anti-spyware software.

Technology Services

Server Security

Security requirements for configuring and controlling CESD servers.

Technology Servers

Technical Compliance

Ensuring Technical  compliance and testing of Network systems across networks.

Technology Services

Third Party Information Security

Expectations of Third parties accessing or holding CESD information.

Department Heads

Unattended User equipment

Expectations around unattended and unlocked commuting devices

Technology Services

Visitor IT Access

Requirements for visitors accessing CESD data and information

All users