Information Security Management System

Information Security Management Systems.

ISMS Management Policy - Statement encompassing Information Security and Procedures of CESD electronic assets.

Cyber Security Procedures	Description	Target Audience
Cyber Incident Response	Who needs to be involved in a Cyber Incident / Attack	Dept Heads/ Superintendents
Cyber Incident Response Categories	Responses to different types of attack	Technology Services
Ransomware Attack Playbook	Response to Ransomware attack	Technology Services
Denial of Service Playbook	Response to DOS attack	Technology Services
Malware Playbook	Response to Malware Infection	Technology Services
Third-Party Incident Response Playbook	Third-Party Incident Response Playbook	Technology Services / Department Heads
SAAS Security Requirements	Software as a service requirements.	Department Heads
Security Risk Management	Identify, Assess and Mitigate risk	Department Heads / Superintendents

ISMS Procedures	Description	Target Audience
Backup and restore	Who should backup data , where they should store it and how.	All users
Clock Synchronization	Technical details about how the date and time are managed across the Division’s networked devices.	Technology Services
Data Protection	How to protect our digital assets and protect our staff and students by avoiding data loss.	All users
Due Diligence	Tough but necessary questions to ask vendors when entering into agreements involving CESD Information.	Department Heads
Information Security Roles and Responsibilities	Data has an owner, a custodian and a user. This outlines the roles and responsibilities.	All users
Information sensitivity	How information is classified. I.e. Public, Confidential, Private	All users
IT Access Procedure	How access to Information is determined for users.	All users
Media Disposal	The safe disposal of old hard drives from computers and copiers. Including external media and devices.	All users
Mobile Computing and Communications	The safe and responsible use of Mobile computing devices.	All users
OS Patch Management	Procedures to ensure computing systems are protected by using the latest security patches and upgrades.	Technology Services
Password Protection	Best Practices and controls for password creation	All users
Personal Devices and Voicemail	Ensuring Communication and voicemail is being used effectively, securely and safely.	All users
Removable Media	What can be stored on removable media and how to prevent spread of infections.	All users
Responsibilities and Process - Security Incidents	How to deal with security breaches and who needs to be involved.	All users
Secure Logon - Technical	Technical requirements to configure Logons	Technology Services
Secure Logon to Operating systems	New and parting user access and monitoring access	All users
Secure Transfer of Information	Details about sending confidential and private information to external parties.	All users
Server Malware	Which Server systems MUST have Anti-virus and anti-spyware software.	Technology Services
Server Security	Security requirements for configuring and controlling CESD servers.	Technology Servers
Technical Compliance	Ensuring Technical compliance and testing of Network systems across networks.	Technology Services
Third Party Information Security	Expectations of Third parties accessing or holding CESD information.	Department Heads
Unattended User equipment	Expectations around unattended and unlocked commuting devices	Technology Services
Visitor IT Access	Requirements for visitors accessing CESD data and information	All users