
2011 Workshop

IT Security Policy
(Information Technology Security Policy)
IT Security Policy - Purpose

Maintaining the security, confidentiality, integrity, and availability of information stored in the
organization’s computer networks and data
communications infrastructure (“company’s systems”)
is a responsibility shared by all users of those systems.
All users of the organization’s systems are responsible for
protecting those resources and the information
processed, stored or transmitted thereby, as set forth in
this policy. Violations of this policy may result in
disciplinary action up to and including termination or
expulsion.
What is IT Security Policy?

An Information Technology (IT) Security Policy identifies the
rules and procedures for all individuals accessing and using an
organization's IT assets and resources. An effective IT Security Policy is
a model of the organization’s culture, in which rules and procedures
are derived from its employees' approach to their information and
work. A security policy identifies the rules and procedures that all
persons accessing computer resources must adhere to in order to
ensure the confidentiality, integrity and availability of data and
resources.
Components of an IT Security Policy

• User Access to Computer Resources
• Passwords
• E-mail
• Internet (World Wide Web)
• Remote Access
• CCTV Recording
User Access to Computer Resources

- This identifies the roles and responsibilities of users
accessing the resources on the organization’s network.
This includes information such as:

- Procedures for obtaining network access and resource-level permission;
- Policies prohibiting personal use of organizational computer systems;
- Passwords;
- Procedures for identifying applicable e-mail standards of conduct;
- Specifications for both acceptable and prohibited Internet usage;
- Procedures for account termination.
REQUEST FOR ACCESS TO COMPANY’S DATA

= Request access
1. Access to restricted or limited-access data of an employee requires a
formal request with approval from the Senior Manager before it is
forwarded to the appropriate IT admin.
2. Email requests are accepted. The request must specify the data desired
and its intended use.
= Exceptions
1. All requests for exceptions to the data access policies must be made in
writing with the consent of a Senior Manager prior to approval by the
IT Manager and/or Finance Division Head. Email requests are accepted.
= Denial
1. The IT Manager will provide a written record of the reasons for denial of
any request for access. Email records are acceptable.
Passwords

- Passwords ensure the security and confidentiality of data that is stored on
various workstations and servers across the organization.

There are a number of dos and don’ts when creating and managing your passwords,
but there are some basic guidelines you can follow.

• Use both upper- and lower-case letters.
• Incorporate numbers or punctuation marks.
• Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘ .
• Make it at least 8 characters long.
• A strong password does NOT, in any way, use your personal information, such as name,
phone number, Social Security number, birth date, address or names of anyone you
know.
• Come up with something you can remember easily, but would be virtually impossible
for anyone else to guess.
Local Security Policy
Example Image. Password Expired
Example Image. Change Password
Example Image. Password entered does not match the requirement

“Screen display for entering new password after expiration”
“Screen display if password does not meet the criteria”
“Password policy setting”
Example Image. Account and password attempts/locked out

Incorrect password (“attempts”): account locked out after the 3rd or more attempts
E-mail

Email is meant for informal correspondence to facilitate administrative work and
communication. Email is used to communicate with the entire company or all employees
during extreme situations.

The content and maintenance of the user’s electronic mailbox is the user’s responsibility.
1. Check mail daily.
2. Delete unwanted messages immediately, since these take up disk storage.
3. Do not open mail containing a virus or emails with attachments of the following types: EXE, BAT,
SCR, PIF, COM and VBS.
4. Sending large attachments beyond 5 MB should be raised through IT. IT will
help facilitate the sending or receiving.
5. Email should not be considered private. Confidential information should not be
sent by email.
Internet (World Wide Web)

Internet usage policy should restrict access to these types of sites (hotmail, yahoo, etc.) and should clearly identify
what, if any, personal use is authorized. Authority to access the internet shall be determined by the Finance Division Head.
Approved applications shall be channeled to the IT Manager, wherein access shall be granted based on the
authorized access level.

TYPES of Internet Access

Full access – used by Senior Managers and other users who need full, important access
to different internet sites.
Limited access – given to PPIC, Scan and Pack, Merchandisers, Shipping, Sample/Pattern,
Logistics, Adicomp, HRs
- Access is limited to the following sites:
1. Adidas Sites
2. PAXAR/Adicomp
3. Shipping/Courier Sites (FEDEX, UPS, DHL)
4. Trading System/Terminal, FTP connections to Taipei office and mail access
5. Government sites (SSS, PHIC, HMDF, BIR, DOLE)
6. Other official business related sites: (FFC, SEDEX, PINKERTON, OMEGA, etc.)
CCTV

The purpose of this Policy is to provide guidelines for the use of CCTV on the
organization’s property in a way that enhances security, but also respects the
expectation of reasonable privacy among members of the company. This Policy
applies to all Departments within the company.

Security and Safety Purposes:

- Protection of individuals, including employees, office staff and visitors;
- Protection of company-owned and/or operated property and buildings, including building
perimeters, entrances and exits, lobbies and corridors, receiving docks, locker areas and
loading/unloading areas;
- Verification of alarms and access control systems;
- Patrol of common areas and areas accessible to the public, parking lots, public streets
and pedestrian walks.
Example Image. CCTV Monitoring

*CCTV recordings are kept for 60 days
*All records are stored on an internal HDD (Hard Disk Drive)
Back Up

System Back Up Procedure

1. We created a script to back up our system applications.
2. Set a schedule for the backup. The backup is
done during non-working hours, and the schedule is
set to run every day.
3. Aside from the CPRD backup, we also have a backup
in CWH.
4. We have a 30-day backup retention for the system
applications.
5. We also send a backup of the database to our
mother company once a week.

THANK YOU!
