IT Security

iNetInfra provides guidelines for employees’ use of IT and data in order to protect all data connected to our customers and clients that we work with. It is also to protect employees’ personal integrity, so that each individual can then act based on the conditions that apply, and in the longer term also protect customer’s infrastructure against infringement or data leaks, thus helping to safeguard Humana’s brand.

A complete network security policy ensures the confidentiality, integrity, and availability of data on company’s systems by following a specific procedure for conducting information system and network activity review on a periodic basis. The policy ensures that systems have appropriate hardware, software, or procedural auditing mechanisms. Audit events include failed log in attempts, information start up or shut down, and the use of privileged accounts.

The data retention policy specifies the types of data the business must retain and for how long. The policy also states how the data will be stored and destroyed. This policy will help to remove outdated and duplicated data and creating more storage space. A data retention policy will also help organize data so it can be used at a later date. Types of data includes documents, customer records, transactional information, email messages, and contracts. This policy is essential to businesses that store sensitive information. Organizations should reference regulatory standards for their data retention requirements.

So you’ve got the Top 10 Important Policies implemented, but here are few more we highly recommend you review and consider adding to your policy set.

• Mobile Device Management (MDM) Policy and Procedures
• Bring Your Own Device (BYOD)
• Encryption and Decryption Policy
• SPAM Protection Policies
• HR Policy Set
• System Maintenance Policy
• Vulnerability Management Policy

Security awareness training should be administered to all workforce members, so they can properly carry out their functions while appropriately safeguarding company information. Employees must sign a confidentiality agreement and provide proof of completion when they have finished the training. Management should design the training to educate users on the security policy of the organization.

The policy should include information about the incident response team, personnel responsible for testing to the policy, the role of each team member, and actions, means, and resources used to identify and recover compromised data. Phases of incident response include:

• Preparation
• Identification
• Containment
• Eradication
• Recover
• Post- Incident