This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:policies:access [2023/09/28 17:40] kholub |
wiki:policies:access [2024/01/24 19:42] (current) katcow [Revision History] |
||
---|---|---|---|
Line 21: | Line 21: | ||
* Unique user identifier | * Unique user identifier | ||
* Password | * Password | ||
- | * MFA device (Authenticator applications | + | * MFA device (Authenticator applications |
+ | * Dictated by [[: | ||
=== System Access Controls: === | === System Access Controls: === | ||
Line 35: | Line 36: | ||
Users will be granted access to systems and proprietary data on a need-to-know basis, following PoLP. That is, users or groups of users will only receive access to systems and information that are required for performing their job duties. If it's determined that a user or group needs access to a system or information, | Users will be granted access to systems and proprietary data on a need-to-know basis, following PoLP. That is, users or groups of users will only receive access to systems and information that are required for performing their job duties. If it's determined that a user or group needs access to a system or information, | ||
- | **Shared Accounts: | + | === Shared Accounts: |
The use of shared credentials by Nested Knowledge employees and contractors is prohibited. | The use of shared credentials by Nested Knowledge employees and contractors is prohibited. | ||
Line 46: | Line 47: | ||
Individuals who are not employees, contractors, | Individuals who are not employees, contractors, | ||
+ | |||
+ | === Access for Law Enforcement and Authority: === | ||
+ | |||
+ | Nested Knowledge will not disclose information unless: | ||
+ | |||
+ | * Making such a disclosure is a legal obligation, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. | ||
+ | * A serious risk of imminent harm to individuals exists that justifies compliance with the Data Disclosure Requests | ||
+ | |||
+ | Request for data disclosure shall be immediately escalated to the Chief Technology Officer and the Information Security Team via email or Slack alert. | ||
+ | |||
+ | When the Data Disclosure Request is related to personal information of a Nested Knowledge Customer, Nested Knowledge will request that the Authority send the request directly to the customer. Should the Authority agree, Nested Knowledge will provide assistance to the customer so that they can fulfill the Request. | ||
=== Unauthorized Access: === | === Unauthorized Access: === | ||
Line 60: | Line 72: | ||
* Social media accounts | * Social media accounts | ||
* Company-issued devices (laptops) | * Company-issued devices (laptops) | ||
+ | |||
+ | === Network Devices === | ||
+ | |||
+ | Nested Knowledge does not manage network devices in its production environment, | ||
===== IV. Audit Trails and Logging ===== | ===== IV. Audit Trails and Logging ===== | ||
Line 97: | Line 113: | ||
=== Remote Working Environmental Controls: === | === Remote Working Environmental Controls: === | ||
- | Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. | + | Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. |
+ | |||
+ | * Update default router administrator password | ||
+ | * Following our [[: | ||
+ | * Disable remote access to the router | ||
+ | * Enable wireless encryption (WPA2/3) on their home network | ||
+ | * Store company devices behind locked doors | ||
- | For cloud-related access protocols, please refer to our [[: | + | Employees will be trained upon hire and updated on an annual basis. |
==== Compliance Statement ==== | ==== Compliance Statement ==== | ||
Line 108: | Line 130: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Holub|9/28/2023|Annual | + | |K. Holub|12/18/ |
+ | |K. Cowie|01/24/ | ||
|K. Kallmes|1/ | |K. Kallmes|1/ | ||
|P. Olaniran|10/ | |P. Olaniran|10/ | ||
- | |K. Cowie|01/ | ||
[[: | [[: | ||