This shows you the differences between two versions of the page.
wiki:policies:access [2023/09/28 17:33] kholub |
wiki:policies:access [2024/01/24 19:42] (current) katcow [Revision History] |
||
---|---|---|---|
Line 21: | Line 21: | ||
* Unique user identifier | * Unique user identifier | ||
* Password | * Password | ||
+ | * MFA device (Authenticator applications or physical device) | ||
+ | * Dictated by [[: | ||
=== System Access Controls: === | === System Access Controls: === | ||
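Review bot: The added "Dictated by [[:" bullet sits at the same list level as "Unique user identifier", "Password" and "MFA device", so it reads as a fourth credential rather than as a qualifier. If it is meant to say which policy governs the MFA device, nest it under the MFA bullet or fold it into that line. "Authenticator applications or physical device" also mixes plural and singular; "authenticator application or physical device" would match the other items.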
Line 34: | Line 36: | ||
Users will be granted access to systems and proprietary data on a need-to-know basis, following PoLP. That is, users or groups of users will only receive access to systems and information that are required for performing their job duties. If it's determined that a user or group needs access to a system or information, | Users will be granted access to systems and proprietary data on a need-to-know basis, following PoLP. That is, users or groups of users will only receive access to systems and information that are required for performing their job duties. If it's determined that a user or group needs access to a system or information, | ||
- | **Shared Accounts: | + | === Shared Accounts: |
The use of shared credentials by Nested Knowledge employees and contractors is prohibited. | The use of shared credentials by Nested Knowledge employees and contractors is prohibited. | ||
Line 45: | Line 47: | ||
Individuals who are not employees, contractors, | Individuals who are not employees, contractors, | ||
+ | |||
+ | === Access for Law Enforcement and Authority: === | ||
+ | |||
+ | Nested Knowledge will not disclose information unless: | ||
+ | |||
+ | * Making such a disclosure is a legal obligation, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. | ||
+ | * A serious risk of imminent harm to individuals exists that justifies compliance with the Data Disclosure Requests | ||
+ | |||
+ | Request for data disclosure shall be immediately escalated to the Chief Technology Officer and the Information Security Team via email or Slack alert. | ||
+ | |||
+ | When the Data Disclosure Request is related to personal information of a Nested Knowledge Customer, Nested Knowledge will request that the Authority send the request directly to the customer. Should the Authority agree, Nested Knowledge will provide assistance to the customer so that they can fulfill the Request. | ||
=== Unauthorized Access: === | === Unauthorized Access: === | ||
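Review bot: The last added paragraph only covers the case where the Authority agrees to redirect the request to the customer ("Should the Authority agree, ..."); it should also say what Nested Knowledge does when the Authority declines. In the first bullet, "disclose your information" addresses the reader in the second person while the rest of the section speaks of "Nested Knowledge" and "the customer", and the second bullet uses "Data Disclosure Requests" before the term is introduced. The escalation sentence names "email or Slack alert" but gives no step for recording the request or confirming it is genuine before anything is disclosed; consider adding one.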
Line 59: | Line 72: | ||
* Social media accounts | * Social media accounts | ||
* Company-issued devices (laptops) | * Company-issued devices (laptops) | ||
+ | |||
+ | === Network Devices === | ||
+ | |||
+ | Nested Knowledge does not manage network devices in its production environment, | ||
===== IV. Audit Trails and Logging ===== | ===== IV. Audit Trails and Logging ===== | ||
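Review bot: The new heading "=== Network Devices ===" drops the trailing colon that the neighbouring third-level headings use ("=== Unauthorized Access: ===", "=== Access for Law Enforcement and Authority: ==="). Add the colon so the section headings stay consistent.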
Line 92: | Line 109: | ||
All workstations used for this business activity, no matter where they are located, must use an access control system approved by Nested Knowledge. Employees must use company-issued devices for completing their work. Active workstations are not to be left unattended for prolonged periods of time, where appropriate, | All workstations used for this business activity, no matter where they are located, must use an access control system approved by Nested Knowledge. Employees must use company-issued devices for completing their work. Active workstations are not to be left unattended for prolonged periods of time, where appropriate, | ||
- | When accessing Nested Knowledge systems | + | When accessing Nested Knowledge systems, authorized users are responsible for preventing access to any of our computer resources or data by non-authorized Users. The authorized user bears responsibility for and consequences of misuse of the authorized user’s access. |
=== Remote Working Environmental Controls: === | === Remote Working Environmental Controls: === | ||
- | Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. | + | Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. |
+ | |||
+ | * Update default router administrator password | ||
+ | * Following our [[: | ||
+ | * Disable remote access to the router | ||
+ | * Enable wireless encryption (WPA2/3) on their home network | ||
+ | * Store company devices behind locked doors | ||
- | For cloud-related access protocols, please refer to our [[: | + | Employees will be trained upon hire and updated on an annual basis. |
==== Compliance Statement ==== | ==== Compliance Statement ==== | ||
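Review bot: The added bullet list puts requirements on employees' home networks (router administrator password, remote access, WPA2/3), but the only follow-up is "Employees will be trained upon hire and updated on an annual basis", which does not say what the training covers or how adherence to the list is confirmed. State the subject of the training and, if intended, an attestation step. The bullet "Following our [[:" breaks the imperative pattern of its siblings ("Update", "Disable", "Enable", "Store"), and the removed line "For cloud-related access protocols, please refer to our [[:" has no replacement in this hunk, so check that the cross-reference is still reachable elsewhere in the page.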
Line 107: | Line 130: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Holub|9/28/2023|Annual | + | |K. Holub|12/18/ |
+ | |K. Cowie|01/24/ | ||
|K. Kallmes|1/ | |K. Kallmes|1/ | ||
|P. Olaniran|10/ | |P. Olaniran|10/ | ||
- | |K. Cowie|01/ | ||
[[: | [[: | ||
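Review bot: The K. Holub row is edited in place, replacing the "9/28/2023" annual entry with a "12/18/" entry, so the history no longer records the 9/28/2023 revision. Add the new revision as its own row and keep the old one. The date column also mixes zero-padded and unpadded months ("01/24/" against "1/"); pick one format.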