The institution includes security measures in networks and communication systems, especially those linked with critical systems and information resources.
This involves the security of local area networks, the Internet, and wireless, FTP, email and mobile technologies and systems.
Guideline code
ICT_04100
Mechanism
In elaborating comprehensive security measures for networks and communication systems, the ICT unit should:
- Introduce network measures to control external access to data resources, especially by configuring firewalls to allow access only through previously defined ports and protocols; other access should be restricted;
- Establish security measures to control access to internal resources through wireless communication, especially by implementing IEEE 802.1X at access points and using various authentication mechanisms (not only based on MAC address);
- Establish security measures for FTP-based communication systems in order to avoid risks related to this protocol (avoid using this protocol to transfer sensitive data);
- Establish measures in order to avoid risks related to e-mail protocols (use SMTP protocols with external systems only when the institution’s equipment is adequately configured);
- Establish measures for accessing the Internet which enable control of access to data resources through the Web, ideally through centrally managed gateways;
- Establish security measures to protect mobile devices in order to avoid illegal access to internal resources through this channel.
Structure
- The ICT unit should develop comprehensive security measures for networks and communication systems to protect computer networks, information exchange systems and e-services, and monitor information processing facilities.
- The management should define duties and responsibilities to enforce security policies for networks and communication systems.
- Internal policies and procedures on security for networks and communication systems should be based on the institutional information security management framework, the international standard ISO/IEC 27002:2005 Information technology – Security techniques, and recommendations issued by the National Institute of Standards and Technology (NIST).
Title
Guideline 32. Security in networks and communication systems