Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Policies Group 1 - Week 8 policy for use of technology.

Published byDina Chapman Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Policies Group 1 - Week 8 policy for use of technology."— Presentation transcript:

1 Security Policies Group 1 - Week 8 policy for use of technology

2 Overview of Lockheed Martin Operations  Lockheed Martin (LM) provides solutions for “Aeronautics, Electronic Systems, Information Systems & Global Solutions, and Space Systems.” They utilize EASIstar  “External Access Secure Infrastructure (EASIstar) is a Lockheed Martin Information Systems & Global Solutions (IS&GS) Extranet” providing “customers, partners, teammates, subcontractors, and employees access to a virtual collaborative workspace with capabilities ranging from web access to application and file sharing all in a secure, reliable and cost -- effective manner”.

3 Information Security Policy Policy is a plan or course of action that influences and determine decisions.  EISP: Enterprise Information Security Policy sets the strategic direction, scope, and tone for all of an organization’s security efforts. assigns responsibilities for the various areas of information security. guides the development, implementation, and management requirements of the information security program.  ISSP: Issue Specific Security Policy Articulates the organization’s expectations about how the technology-based system in question should be used Documents how the technology-based system is controlled and identifies the processes and authorities that provide this control Serves to indemnify the organization against liability for an employee’s inappropriate or illegal system use  SysSP: System Specific Security Policy They are often created to function as standards or procedures to be used when configuring or maintaining systems. SysSPs can be separated into two general groups, management guidance and technical specifications

4 Parties Involved CISO of a medium sized IT company Contract for information exchange will use

5 Policy guidelines for use of EASIstar Requirements that are to be complied with when doing business with LM through EASIstar.

6 Lockheed Martin Information Assets Usage Policies Passwords

7

8 Virus Viruses and other malicious code pose a serious threat to Lockheed Martin users and customers. Virus prevention measures as guided by policy  virus protection software be installed and maintained on all Lockheed Martin managed, maintained or leased computing systems  all users of EASIstar must agree to acquire, install, utilize and maintain a current version of anti-virus software on any computer used to access the EASIstar Lockheed Martin Extranet  The following actions are strongly encouraged:  Virus signature files to be updated at lease every 7 days with the recommendation that virus signature files be installed within 24 hours of notification  Complete scans performed weekly  Virus Scan engine updates scheduled for at least once per month.  The downloading, installation, and/or use of freeware/shareware products on EASIstar assets is not permitted without prior Lockheed Martin Intellectual Property Law attorney approval.

9 Information Protection  Sensitive information (LM Proprietary Information, Third Party Proprietary, and Export Controlled) assets (data, systems, documentation, etc.) must be properly classified, labeled and protected. Data/Information owners are responsible for determining the sensitivity of all information to be electronically transmitted in accordance with these policies.  Protective Legends, Labels and other Markings. As appropriate, each item of Sensitive Information will bear a legend, label or other marking which serves to advise the holder that the information requires a specific degree of protection.  Export Controlled Information will be labeled as necessary to comply with the applicable US or foreign government laws and regulations and local procedures.  Lockheed Martin Proprietary Information will be labeled in accordance with approved labeling conventions.  Third Party Proprietary Information will be managed in accordance with the contractual arrangements under which it was received. Such information should not be accepted unless an appropriate written contractual arrangement, which establishes the requirements for protecting the information (e.g., a Proprietary Information Agreement), is in place between Lockheed Martin and the third party. Third Party Proprietary Information will bear the markings applied by the third party, and/or markings prescribed by the contract between Lockheed Martin and the third party. The markings will not be removed without authorization from the third party and/or cognizant Lockheed Martin Legal Counsel.

10 Disclosure  Lockheed Martin policies and the laws of the US and foreign governments impose specific requirements upon the disclosure of Sensitive Information. Failure to comply with these requirements is a violation of policy and may lead to a violation of law. Accordingly, the individual providing access to the Sensitive Information must take the following steps before any disclosure is made: Ensure that the Sensitive Information bears the legend, if any, as identified.  Determine the status of the intended recipient(s) (for example, whether he or she is an employee or a non-employee; a US Citizen or a Foreign Person). Obtain required documentation and approvals, if any, based upon this status (for example, a Proprietary Information Agreement or similar arrangement is required before LMPI is disclosed to a non- employee, and US government approval is required before Export Controlled Information is disclosed to a Foreign Person).

11 Other factors to consider  Transmission: Ensure that the selected transmittal method is secure and complies with this policy and the laws of the recipient country (for example, encryption is prohibited by some foreign countries)  Storage: When not in use, Sensitive Information in databases, desktop hard drives or local area networks will be protected by unique userID and password at a minimum.  Encryption is recommended for Sensitive Information stored in non-US locations, except where prohibited by law. Sensitive Information stored on an asset that is not controlled and managed by Lockheed Martin (e.g., a personally-owned computer) will be protected by unique userID and password at a minimum.  Disposition: Sensitive Information will be retained as required by law, regulation, contract, policy, or, if none of these applies, until no longer useful. Electronic information will be deleted or overwritten using overwriting software approved by Lockheed Martin Enterprise Information Systems. Overwriting is required if Sensitive Information will be disposed of in a non-US location

12 General usage  If a EASIstar Information Technology user suspects or has actual knowledge that the protection of Sensitive Information has been compromised in a manner that appears to be a violation of law, the individual must report such suspicion or actual knowledge to the appropriate Lockheed Martin EASIstar administrator  Ensure Assets connected to EASIstar systems are properly locked or otherwise protected when unattended (e.g., through use of a Power-on password, Password-secured screen saver, etc.)  Carefully Assess all received software or Information (for malicious code) before Execution or Storage  A Lockheed Martin policy prohibiting the use of split tunneling (i.e. simultaneous network access to two or more networks) is in effect when 1) connecting into EASIstar over a Virtual Private Network (VPN) connection, and 2) connecting out of EASIstar over a VPN connection to a remote network.

13 Reference https://easistar.external.lmco.com/ www.sis.pitt.edu/jjoshi/is2820/spring06/chapter04.doc

Download ppt "Security Policies Group 1 - Week 8 policy for use of technology."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
Information Security Policy

Information Security Policy
Section Six: Foreign Ownership, Control, or Influence (FOCI)

Section Six: Foreign Ownership, Control, or Influence (FOCI)
Information Security Policy

Information Security Policy
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
Chapter 5: Asset Classification

Chapter 5: Asset Classification
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Auditing Computer Systems

Auditing Computer Systems
Information Security Awareness:

Information Security Awareness:
Information Security Policies and Standards

Information Security Policies and Standards
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Similar presentations

Ads by Google