Information Security Management Systems.
ISMS Management Policy - Statement encompassing Information Security and Procedures of CESD electronic assets.
Cyber Security Procedures |
Description |
Target Audience |
Who needs to be involved in a Cyber Incident / Attack |
Dept Heads/ Superintendents |
|
Responses to different types of attack |
Technology Services |
|
Response to Ransomware attack |
Technology Services |
|
Denial of Service Playbook |
Response to DOS attack |
Technology Services |
Malware Playbook |
Response to Malware Infection |
Technology Services |
Third-Party Incident Response Playbook |
Technology Services / Department Heads |
|
Software as a service requirements. |
Department Heads |
|
Identify, Assess and Mitigate risk |
Department Heads / Superintendents |
|
|
|
|
ISMS Procedures |
Description |
Target Audience |
Who should backup data , where they should store it and how. |
All users |
|
Technical details about how the date and time are managed across the Division’s networked devices. |
Technology Services |
|
How to protect our digital assets and protect our staff and students by avoiding data loss. |
All users |
|
Tough but necessary questions to ask vendors when entering into agreements involving CESD Information. |
Department Heads |
|
Data has an owner, a custodian and a user. This outlines the roles and responsibilities. |
All users |
|
How information is classified. I.e. Public, Confidential, Private |
All users |
|
How access to Information is determined for users. |
All users |
|
The safe disposal of old hard drives from computers and copiers. Including external media and devices. |
All users |
|
The safe and responsible use of Mobile computing devices. |
All users |
|
Procedures to ensure computing systems are protected by using the latest security patches and upgrades. |
Technology Services |
|
Best Practices and controls for password creation |
All users |
|
Ensuring Communication and voicemail is being used effectively, securely and safely. |
All users |
|
What can be stored on removable media and how to prevent spread of infections. |
All users |
|
How to deal with security breaches and who needs to be involved. |
All users |
|
Technical requirements to configure Logons |
Technology Services |
|
New and parting user access and monitoring access |
All users |
|
Details about sending confidential and private information to external parties. |
All users |
|
Which Server systems MUST have Anti-virus and anti-spyware software. |
Technology Services |
|
Security requirements for configuring and controlling CESD servers. |
Technology Servers |
|
Ensuring Technical compliance and testing of Network systems across networks. |
Technology Services |
|
Expectations of Third parties accessing or holding CESD information. |
Department Heads |
|
Expectations around unattended and unlocked commuting devices |
Technology Services |
|
Requirements for visitors accessing CESD data and information |
All users |