Académique Documents
Professionnel Documents
Culture Documents
Purpose:
The network security policy is intended to protect the integrity of Bank networks and to mitigate the risks and losses associated with security threats to Bank networks and network resources.
Goals:
The goals of this network security policy are: Provide a reliable Bank network and Internet connection to conduct the Banks business. Provide only authorized access to institutional, research or personal data and information. Protect computer system and network integrity at the Bank.
Network Security
Head Office, IT Division shall identify the appropriate network security level for Bank systems, in collaboration with branches, divisions and departments. Head Office, IT Division will investigate any unauthorized access of Bank computer systems.
Head Office, IT Division will work with administrative departments when appropriate
Systems on the network must have adequate security installed and maintained.
If security problems are observed, it is the responsibility of all the Bank network users to report problems to the appropriate system administrators or Head Office, IT Division for investigation.
Policy Statement:
Banks, IT Division is exclusively responsible for installing and supporting all software on all its branch, division and department computers. This responsibility set includes: Head Office Division and Department computers.
Branch computers
Software Licensing:
Bank should use only licensed software for its offices and must not use pirated copies of software..
Software requests:
As per the software installation policy of Bank, no user will install or attempt to install any software on their computers without having the prior permission from the Head Office, IT Division. In case of need of installation of any software a user is to request the Head Office, IT Division to install the software.
Backup Policy
Purpose:
The primary purpose for file backup is for disaster recovery of mission critical data due to either system failure or a catastrophic failure such as fire, quake etc.
Policy Statement:
The purpose of the systems and data backup is to provide a means to: restore the integrity of the computer systems in the event of a hardware/software failure or physical disaster, and
provide a measure of protection against human error or the inadvertent deletion of important files.
Backup Policy
Backup Period:
Database Backups are performed approximately at the end of business day.
The Bank also uses other servers for its corporate needs. Incremental data backups are performed approximately at the end of every week on these servers.
Backup Media:
Tapes, Hard Disks, Portable External Hard Disks, DVDs, Data Storage Devices will be used for backup media. A set of (2x6 days)=12 (twelve) Data Cartridge tapes, each pair of which will contain daily backups for weekdays. Daily backups will also be copied to another PC as well as Backup Server for the Central Server.
Backup Policy
Preservation Location:
All backups will be stored at the Head Office IT Division for quick restoration in case of system failure. Besides, backup medias will also be stored in a secure, off-site location with a view to safeguard the data for disaster recovery. Proper environment controls, temperature, humidity and fire protection, shall be maintained at the storage location.
Backup Policy
Archiving Policy:
Archives are normally made once a year or every 6 (six) months, usually at the end of June that is at the end of Half Yearly Process or December that is at the end of Year Ending Process.
These historical data will be archived in tapes as well as in DVDs for future use.
Restoration:
Periodic tests of the data backups will be performed daily on to the backup server to determine if files are error free and can be restored. In failure of the restoration a new backup has to be taken until the restoration is performed successfully.
Backup Policy
The register will be checked and verified daily or weekly by the In-charge or the Head of IT.
IT Audit Policy
Purpose:
This policy defines the authority and responsibility for auditing the security configuration of Information Technology resources managed by bank users.
Ensure conformance to Banks security policies; Monitor user or system activity where appropriate
IT Audit Policy
Responsibility
Anyone who is authorized to conduct security auditing will prepare a written audit plan at least once a year for review and approval by the Head of IT and Infrastructure that addresses the following elements: Resources to be audited; Tools to be used in the audit; Risks created by the audit and steps to be taken to minimize them;
IT Audit Policy
Accessibility
Branches, divisions and departments will provide authorized auditors any access needed for the purpose of performing an audit upon receipt of a request for such access from the audit staff. This access may include: User level and/or system communications device level access to any computing or
Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on. Access to work areas (offices, storage areas, etc.).
Network Security
Documentation of the network IP addresses Routers, firewalls, VPNs, wireless, all other devices Account Management
Creating/Disabling Accounts
Password Protocols Identification of redundant network connection
Change Management
Temperature / humidity controls Neat and orderly computing rooms Fire suppression equipmentSystem software upgrades Application software modifications New hardware rollouts Change notification Testing and acceptance Change approvals UPS (Uninterruptible power supply)