Information Security in Educational Institutions - Analysis
VerifiedAdded on 2022/08/26
|19
|4773
|16
Report
AI Summary
This report provides a comprehensive overview of information security in educational institutions, addressing the critical need for robust data protection. It begins with an executive summary highlighting the importance of safeguarding information from unauthorized access and the challenges faced by educational institutions. The report delves into the CIA triad (confidentiality, integrity, and availability) as the foundation of information security, discussing the layers of access control and data protection. It emphasizes the role of training and periodic awareness programs for students, staff, and faculty to mitigate risks such as phishing scams and the misuse of unsecured networks. Furthermore, the report outlines essential information security standards and guidelines, including the importance of strong password policies, anti-virus measures, and remote access controls. The report underscores the need for institutions to adopt internationally recognized standards and stay vigilant against evolving cyber threats, offering practical recommendations for enhancing data security and preventing breaches.
Running head: INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Name of the Student
Name of the University
Author Note
INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Executive Summary
Information security is the method of shielding information or data from the illegal access
and use of a non-eligible person, which can further results in a data breach. In cases of
professional organizations, information security law is very effective for the protection of the
client data, records, and other information with which the organization is dealing with. In
educational institutions, the security system is not that strong. The reason for this can be that
students, staff, and other people do not face fatal consequences in cases of a data breach.
Thereby, they are quite lenient in cases of protection of personal data. This study aims to
ensure the execution of a proper information security system in an educational institution for
the protection of data.
Executive Summary
Information security is the method of shielding information or data from the illegal access
and use of a non-eligible person, which can further results in a data breach. In cases of
professional organizations, information security law is very effective for the protection of the
client data, records, and other information with which the organization is dealing with. In
educational institutions, the security system is not that strong. The reason for this can be that
students, staff, and other people do not face fatal consequences in cases of a data breach.
Thereby, they are quite lenient in cases of protection of personal data. This study aims to
ensure the execution of a proper information security system in an educational institution for
the protection of data.
2INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Table of Contents
Introduction................................................................................................................................3
Role of training and periodic awareness....................................................................................3
Information security standard and guidelines............................................................................3
Security standard........................................................................................................................3
Design anti-virus and remote access policy...............................................................................3
The acceptable user policy for students, staffs and others.........................................................3
Conclusion..................................................................................................................................3
Table of Contents
Introduction................................................................................................................................3
Role of training and periodic awareness....................................................................................3
Information security standard and guidelines............................................................................3
Security standard........................................................................................................................3
Design anti-virus and remote access policy...............................................................................3
The acceptable user policy for students, staffs and others.........................................................3
Conclusion..................................................................................................................................3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Introduction:
Information security or infosec is the process of protecting information and mitigating
the risk of it getting disclosed improperly (Parsons et al. 2017). It is one of the parts of the
information risk management process. The issue concerning the risk of infosec security is
ranked as number one in the list published by Educause review (Bagheri and Movahed 2016).
It generally includes the process of avoiding or reducing the chances of unauthorized access.
Information can be of any form like physical. tangible, intangible, or electronic. Information
security thrives on protecting the confidentiality of any such data in an organization. The
process involves identifying the information and the linked assets, possible threats, liabilities,
calculating the risk related to the asset, making plans about how to address and mitigate the
risk, plan about undertaking appropriate security control measures and implementing them.
The information security policy should be flexible to make necessary changes whenever it is
necessary. The networks installed in the educational campus often face unique problems in
the cases of information security. The Information security system of an educational
institution gets attacked by different viruses like worms, ransomware, malware, adware, and
trojan. The burden to protect all that information is on the shoulders of the IT team.
Basic principles of information security:
A principle that is the foundation prerequisite of an information security system for
the secured flow of data and storage of information is the CIA triad (AlHogail 2015). The full
form of CIA stands for confidentiality, integrity, and availability, and these three are the main
ideas of information security (Qadir and Quadri 2016). The CIA triad mainly consists of four
information security layers. These layers denote the data communication and data flow
process of the system and are discussed below;
Introduction:
Information security or infosec is the process of protecting information and mitigating
the risk of it getting disclosed improperly (Parsons et al. 2017). It is one of the parts of the
information risk management process. The issue concerning the risk of infosec security is
ranked as number one in the list published by Educause review (Bagheri and Movahed 2016).
It generally includes the process of avoiding or reducing the chances of unauthorized access.
Information can be of any form like physical. tangible, intangible, or electronic. Information
security thrives on protecting the confidentiality of any such data in an organization. The
process involves identifying the information and the linked assets, possible threats, liabilities,
calculating the risk related to the asset, making plans about how to address and mitigate the
risk, plan about undertaking appropriate security control measures and implementing them.
The information security policy should be flexible to make necessary changes whenever it is
necessary. The networks installed in the educational campus often face unique problems in
the cases of information security. The Information security system of an educational
institution gets attacked by different viruses like worms, ransomware, malware, adware, and
trojan. The burden to protect all that information is on the shoulders of the IT team.
Basic principles of information security:
A principle that is the foundation prerequisite of an information security system for
the secured flow of data and storage of information is the CIA triad (AlHogail 2015). The full
form of CIA stands for confidentiality, integrity, and availability, and these three are the main
ideas of information security (Qadir and Quadri 2016). The CIA triad mainly consists of four
information security layers. These layers denote the data communication and data flow
process of the system and are discussed below;
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Application Access
The application access layer indicates that access to user applications must be limited on a
need-to-know basis.
Infrastructure Access
The infrastructure access cover describes the access to various mechanisms of the
information infrastructure that must be controlled on a need-to-know basis.
Physical Access:
The physical access sheet denotes the notion that physical access to systems, servers, data
centers, which usually store vital information, must be regulated on a need-to-know basis.
Data-in-Motion:
The data-in-motion coat indicates that access to data transfer must be limited while it is in
motion.
Confidentiality:
The principle of confidentiality denotes that every information must be protected
from the unauthorized access of the person who is not allowed to use it. This principle
commands that information must essentially be used by people who are authorized to do it or
has the privilege to access it. The challenge that comes with data is that it can easily lose its
confidential nature by unauthorized access. It happens, particularly with a weak information
security system. Therefore, all people associated with the data must be attentive about their
duty and responsibility to protect the confidentiality of the information shared with them in
the regular course (Aldossary and Allen 2016).
Integrity:
Every data must have a glass of integrity that protects the easy disclosure. For this
data, encryption is needed. Encryption is a commonly accepted technique for protecting data
Application Access
The application access layer indicates that access to user applications must be limited on a
need-to-know basis.
Infrastructure Access
The infrastructure access cover describes the access to various mechanisms of the
information infrastructure that must be controlled on a need-to-know basis.
Physical Access:
The physical access sheet denotes the notion that physical access to systems, servers, data
centers, which usually store vital information, must be regulated on a need-to-know basis.
Data-in-Motion:
The data-in-motion coat indicates that access to data transfer must be limited while it is in
motion.
Confidentiality:
The principle of confidentiality denotes that every information must be protected
from the unauthorized access of the person who is not allowed to use it. This principle
commands that information must essentially be used by people who are authorized to do it or
has the privilege to access it. The challenge that comes with data is that it can easily lose its
confidential nature by unauthorized access. It happens, particularly with a weak information
security system. Therefore, all people associated with the data must be attentive about their
duty and responsibility to protect the confidentiality of the information shared with them in
the regular course (Aldossary and Allen 2016).
Integrity:
Every data must have a glass of integrity that protects the easy disclosure. For this
data, encryption is needed. Encryption is a commonly accepted technique for protecting data
5INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
inflow, but now it is also used as a mode to conserve the integrity of the data in-store. The
process of encryption usually applies to decode the data that is there in a file into bits of
illegible character or impossible to be decoded except a decoding key. In the case of the
manual data encryption process, the user installs a software program to start data encryption.
In the case of transparent data encryption, the data automatically gets encrypted without the
user's help. In the symmetric encryption process, the key is the only means to decrypt data
and substitute characters. When proper data encryption is ensured, then a third party can't
access the data (Pachghare, 2015).
Availability:
The availability principle ensures the weight of safeguarding information in a position
where illegal users can't access it. (Mijnhardt, Baars and 2016).
The fundamentals of CIA principles remain the same, but the compliance methods for
the application of these guidelines keep on changing from time to time.
Role of training and periodic awareness
As per the Symantec Internet Security Threat Report published in 2016, data security
breach incidents in the educational sector ranked as the third most emerging risk issue (Teoh
and Mahmood 2017). The personal data of college students get compromised with the
unsecured use of networks in the libraries and cafeteria (Weiss et al. 2015). To mitigate this
type of probable risk, security awareness training (SAT) is of top importance for every
educational institution dealing with some data. In this program, all the students, teachers, and
staff of an institution, including management and other facilities, get a proper understanding
of the IT governance matters, and also they learn how to keep it in control in their daily
dealing (Farooq et al. 2015). This automatically reduces the risk of information getting
violated. It is important to understand different IT threats and respond accordingly.
inflow, but now it is also used as a mode to conserve the integrity of the data in-store. The
process of encryption usually applies to decode the data that is there in a file into bits of
illegible character or impossible to be decoded except a decoding key. In the case of the
manual data encryption process, the user installs a software program to start data encryption.
In the case of transparent data encryption, the data automatically gets encrypted without the
user's help. In the symmetric encryption process, the key is the only means to decrypt data
and substitute characters. When proper data encryption is ensured, then a third party can't
access the data (Pachghare, 2015).
Availability:
The availability principle ensures the weight of safeguarding information in a position
where illegal users can't access it. (Mijnhardt, Baars and 2016).
The fundamentals of CIA principles remain the same, but the compliance methods for
the application of these guidelines keep on changing from time to time.
Role of training and periodic awareness
As per the Symantec Internet Security Threat Report published in 2016, data security
breach incidents in the educational sector ranked as the third most emerging risk issue (Teoh
and Mahmood 2017). The personal data of college students get compromised with the
unsecured use of networks in the libraries and cafeteria (Weiss et al. 2015). To mitigate this
type of probable risk, security awareness training (SAT) is of top importance for every
educational institution dealing with some data. In this program, all the students, teachers, and
staff of an institution, including management and other facilities, get a proper understanding
of the IT governance matters, and also they learn how to keep it in control in their daily
dealing (Farooq et al. 2015). This automatically reduces the risk of information getting
violated. It is important to understand different IT threats and respond accordingly.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Nowadays, many educational institutions invest huge money in cybersecurity education
programs to make the students knowledgeable about the use of computers in the campus area
and teach them about how to be aware of malfunctioning of their data or how to stop the
hacking of their data from their computer system. While awaking the students about possible
information security threats, the process of avoiding phishing scams should be given top
priority in the training checklist. Phishing cons attempt to ask about different pieces of
information like login details, bank account numbers, Social Security numbers, and other
personally identifiable information. In addition to this, it tries to generate a sense of panic in
the user by informing that there is some unauthorized activity in the user account which
needs immediate action. Students need to be aware of this kind of threat. To make them
understand this threat, the IT team can conduct an online phishing quiz to explain what a
student should look in both fake and legitimate emails (Perrault 2018). The It team can also
guide the student by recommending them to use proper password format while creating any
password. The training should also include information about those situations where a student
must not leave their computer unattended while working on it, as this can prevent the stealing
of important data. Another important fact that can be recommended in training is the
browsing of secured sites. The security of a site can be detected by looking at the padlock
icon and “https” in front of the website address. Using a proper firewall and proxy serves
while internet access is another thing that an academic user must know. The students must
also have proper training on the use of the unsecured network as that can be accessed by a
third party, and sensitive information can be collected by them (Frost and Hamlin 2017).
Educating students and other people can help in minimizing the chance to become a victim of
a cybercrime invasion that targets the information of the academic users.
Nowadays, many educational institutions invest huge money in cybersecurity education
programs to make the students knowledgeable about the use of computers in the campus area
and teach them about how to be aware of malfunctioning of their data or how to stop the
hacking of their data from their computer system. While awaking the students about possible
information security threats, the process of avoiding phishing scams should be given top
priority in the training checklist. Phishing cons attempt to ask about different pieces of
information like login details, bank account numbers, Social Security numbers, and other
personally identifiable information. In addition to this, it tries to generate a sense of panic in
the user by informing that there is some unauthorized activity in the user account which
needs immediate action. Students need to be aware of this kind of threat. To make them
understand this threat, the IT team can conduct an online phishing quiz to explain what a
student should look in both fake and legitimate emails (Perrault 2018). The It team can also
guide the student by recommending them to use proper password format while creating any
password. The training should also include information about those situations where a student
must not leave their computer unattended while working on it, as this can prevent the stealing
of important data. Another important fact that can be recommended in training is the
browsing of secured sites. The security of a site can be detected by looking at the padlock
icon and “https” in front of the website address. Using a proper firewall and proxy serves
while internet access is another thing that an academic user must know. The students must
also have proper training on the use of the unsecured network as that can be accessed by a
third party, and sensitive information can be collected by them (Frost and Hamlin 2017).
Educating students and other people can help in minimizing the chance to become a victim of
a cybercrime invasion that targets the information of the academic users.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Information security standard and guideline:
The term "standard" in information security thrives on distinguishing between written
policies, standards, and procedures. Every academic institution’s IT department should
follow a strict policy to reduce the risk of a security breach. A fundamental aspect of the
growth of the economy and society is data, and it is necessary to protect the same from
cybercriminals. For this purpose, it is necessary to create information security protection
guidelines to ensure the safety of the data. In gulf countries, there are some existing
information security standards and policies that every educational institution needs to follow.
For the security of the students, teachers, and other people, it is important to secure data
connecting them. The information technology department of an organization needs to ensure
internationally recognized information security standards while planning about structured
information security management. The information security standards provide information
about the goal of an institution in the field of protecting and securing data of their students.
Every institution needs to decide about data storage software while making guidelines for
information security. Such software act like a locker for all the files containing personal
information and other vital information that can be subject to breach. It will be important for
students, faculties, and others who have the authority to access those files to use their
credentials while using or working on any data. Every information security policy must
ensure the Data Protection policy of the governing country. As per one of the survey reports,
the majority of the college and offices in the UAE lack an adequate process of detecting and
monitoring data breaches (Kshetri 2016). Every information security protection team needs to
comply with the CIA triad while ensuring their security guidelines. Every data must be
treated as confidential, and it must have the integrity of not to be disclosed easily and, also,
every data must not be subject to unauthorized access outside its permissible location. It is the
Information security standard and guideline:
The term "standard" in information security thrives on distinguishing between written
policies, standards, and procedures. Every academic institution’s IT department should
follow a strict policy to reduce the risk of a security breach. A fundamental aspect of the
growth of the economy and society is data, and it is necessary to protect the same from
cybercriminals. For this purpose, it is necessary to create information security protection
guidelines to ensure the safety of the data. In gulf countries, there are some existing
information security standards and policies that every educational institution needs to follow.
For the security of the students, teachers, and other people, it is important to secure data
connecting them. The information technology department of an organization needs to ensure
internationally recognized information security standards while planning about structured
information security management. The information security standards provide information
about the goal of an institution in the field of protecting and securing data of their students.
Every institution needs to decide about data storage software while making guidelines for
information security. Such software act like a locker for all the files containing personal
information and other vital information that can be subject to breach. It will be important for
students, faculties, and others who have the authority to access those files to use their
credentials while using or working on any data. Every information security policy must
ensure the Data Protection policy of the governing country. As per one of the survey reports,
the majority of the college and offices in the UAE lack an adequate process of detecting and
monitoring data breaches (Kshetri 2016). Every information security protection team needs to
comply with the CIA triad while ensuring their security guidelines. Every data must be
treated as confidential, and it must have the integrity of not to be disclosed easily and, also,
every data must not be subject to unauthorized access outside its permissible location. It is the
8INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
question of credibility of the information security software installed in a security system to
work on the CIA triad.
Fig: Three main components of information security standard
(Teoh and Mahmood 2017)
Suitable security standard:
It noted that cybersecurity problems in the UAE are rising, and every educational
institution and organization should better be prepared for protecting data from malicious
attacks. Recently, a British school in Dubai has reported about a cyber attack on its network.
It is one of the incidents of phishing attacks where hackers used certain software to detect the
weak password of a student and hacked the entire system. To ensure the non-happening of
this type of risk, it is necessary to make the student understand the usage of a password. It is a
very important security standard that must be ensured in every educational institution as well
as organization, bank, and other places. A strong password must be comprised of alphabets,
numbers, lower and upper case characters. It must not comprise any part of the student name,
date of birth, or any personal information. Password is the key to open the lock of every
question of credibility of the information security software installed in a security system to
work on the CIA triad.
Fig: Three main components of information security standard
(Teoh and Mahmood 2017)
Suitable security standard:
It noted that cybersecurity problems in the UAE are rising, and every educational
institution and organization should better be prepared for protecting data from malicious
attacks. Recently, a British school in Dubai has reported about a cyber attack on its network.
It is one of the incidents of phishing attacks where hackers used certain software to detect the
weak password of a student and hacked the entire system. To ensure the non-happening of
this type of risk, it is necessary to make the student understand the usage of a password. It is a
very important security standard that must be ensured in every educational institution as well
as organization, bank, and other places. A strong password must be comprised of alphabets,
numbers, lower and upper case characters. It must not comprise any part of the student name,
date of birth, or any personal information. Password is the key to open the lock of every
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
confidential data, so it is necessary to make it strong and change it randomly for its protection
(Jarecki et al. 2016). Also, a student or other people of the institution must not use the same
password for different devices. The information security team of an institution must take
steps to monitor the right use of a password and in this way, eliminates the risk factor related
to a data breach.
Design anti-virus and remote access policy:
Anti-virus policy:
Every user of computers in an institution must know and follow the anti-virus policy of
that particular institution.
Definition: Anti-virus policies help in preventing damages of computer systems and
also ensure the protection of data, files, and hardware stored in it. Anti-virus policies
alert users about the upcoming threat and minimize the future risk that can arise while
accessing any dangerous or malicious data (Safa et al. 2015).
Scope: An anti-virus policy must contain a scope of the policy by mentioning that the
policy applies to all the computers used by the employees, faculty, vendors,
contractors, partners, students, collaborators, and others interested in the business or
research of the organization or not. It must be mentioned if any other party has the
authority to use the computers of a respected institution (Garba, Armarego and
Murray 2015).
Policy statement: Policy statement in an anti-virus policy must mention the
following;
1. Every anti-virus policy statement must contain the headline of the policy.
2. The reason for implementing the policy must be mentioned in the policy
statement.
confidential data, so it is necessary to make it strong and change it randomly for its protection
(Jarecki et al. 2016). Also, a student or other people of the institution must not use the same
password for different devices. The information security team of an institution must take
steps to monitor the right use of a password and in this way, eliminates the risk factor related
to a data breach.
Design anti-virus and remote access policy:
Anti-virus policy:
Every user of computers in an institution must know and follow the anti-virus policy of
that particular institution.
Definition: Anti-virus policies help in preventing damages of computer systems and
also ensure the protection of data, files, and hardware stored in it. Anti-virus policies
alert users about the upcoming threat and minimize the future risk that can arise while
accessing any dangerous or malicious data (Safa et al. 2015).
Scope: An anti-virus policy must contain a scope of the policy by mentioning that the
policy applies to all the computers used by the employees, faculty, vendors,
contractors, partners, students, collaborators, and others interested in the business or
research of the organization or not. It must be mentioned if any other party has the
authority to use the computers of a respected institution (Garba, Armarego and
Murray 2015).
Policy statement: Policy statement in an anti-virus policy must mention the
following;
1. Every anti-virus policy statement must contain the headline of the policy.
2. The reason for implementing the policy must be mentioned in the policy
statement.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
3. It must also contain a precise definition of various devices that comes under
the purview of the information security protection for that institution and state
restricted devices particulars.
4. In addition to this, proper mention of the anti-virus software and limitation of
its usage within the organization by the users should be declared.
5. An anti-virus policy statement must also mention things like, the name of the
network that is going to be used in the university area and restrictions of its
use, whether anti-virus software to detect threat of the network is installed in
such network or not, frequency of software update for the requirement of the
computer systems, if there is any automatic software is installed in the
network to detect virus corrupted devices, files and restrict the same.
6. A policy shall also properly mention the permission granting authority that is
going to restrict such access (Farooq 2015).
7. It must also mention whether there is going to be a different user name and
password for the visitor's access to the restricted network in the policy.
8. In some cases, policy statement also mentions about the remedies available in
case of violation of the policy like what actions can be taken and what are the
preventive measure that is available for unknowingly violating the policy.
Remote access policy:
Definition: Remote access policy provides frameworks and describes acceptable modes when
it is necessary to connect to the internal network remotely. It also provides ranges within
which range connecting devices to the institution’s internal network is accessible (Freeman et
al. 2019). It is permissible in such scenarios when a teacher or student is not physically
present on the campus, but they need to access the internal networks for their work (Peltier
2016).
3. It must also contain a precise definition of various devices that comes under
the purview of the information security protection for that institution and state
restricted devices particulars.
4. In addition to this, proper mention of the anti-virus software and limitation of
its usage within the organization by the users should be declared.
5. An anti-virus policy statement must also mention things like, the name of the
network that is going to be used in the university area and restrictions of its
use, whether anti-virus software to detect threat of the network is installed in
such network or not, frequency of software update for the requirement of the
computer systems, if there is any automatic software is installed in the
network to detect virus corrupted devices, files and restrict the same.
6. A policy shall also properly mention the permission granting authority that is
going to restrict such access (Farooq 2015).
7. It must also mention whether there is going to be a different user name and
password for the visitor's access to the restricted network in the policy.
8. In some cases, policy statement also mentions about the remedies available in
case of violation of the policy like what actions can be taken and what are the
preventive measure that is available for unknowingly violating the policy.
Remote access policy:
Definition: Remote access policy provides frameworks and describes acceptable modes when
it is necessary to connect to the internal network remotely. It also provides ranges within
which range connecting devices to the institution’s internal network is accessible (Freeman et
al. 2019). It is permissible in such scenarios when a teacher or student is not physically
present on the campus, but they need to access the internal networks for their work (Peltier
2016).
11INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Scope: In a remote access policy, the scope of the policy must mention about the
devices to which this particular policy is going to be applicable and also designations
of the specific person who will fall under the purview of the remote-access policy.
Policy statement: A policy statement mentions permissible manners and behaviors in
cases of a remote access policy. The following things must be mentioned in cases of
remote access policy statement;
1. A remote access policy must mention the definition of accessible devices, the
purpose of the policy.
2. It must mention about all available methods to remotely connect with internal
resources like dial-in, Integrated Services Digital Networks or Frame Relay,
telnet, Cable modem.
3. The remote access policy statement must specify that users, while using
networks outside the institution area, must comply with other institutional
policies
4. The policy should mention some requisite guidelines about the usage of those
devices which are going to be used externally.
5. It must also mention about whether devices which going to be used from
outside by connecting through the internal networks, needs to go through a
prior quality check or not by the information security team of an institution to
minimize data violation risk.
6. Other important things like duration till when one user can be connected with
the remote networks must be mentioned.
7. A remote access policy statement must also mention the restrictions about
downloading and transferring confidential data on remote devices, dropbox
and google drive and in cases loss of remote devices connected with the
Scope: In a remote access policy, the scope of the policy must mention about the
devices to which this particular policy is going to be applicable and also designations
of the specific person who will fall under the purview of the remote-access policy.
Policy statement: A policy statement mentions permissible manners and behaviors in
cases of a remote access policy. The following things must be mentioned in cases of
remote access policy statement;
1. A remote access policy must mention the definition of accessible devices, the
purpose of the policy.
2. It must mention about all available methods to remotely connect with internal
resources like dial-in, Integrated Services Digital Networks or Frame Relay,
telnet, Cable modem.
3. The remote access policy statement must specify that users, while using
networks outside the institution area, must comply with other institutional
policies
4. The policy should mention some requisite guidelines about the usage of those
devices which are going to be used externally.
5. It must also mention about whether devices which going to be used from
outside by connecting through the internal networks, needs to go through a
prior quality check or not by the information security team of an institution to
minimize data violation risk.
6. Other important things like duration till when one user can be connected with
the remote networks must be mentioned.
7. A remote access policy statement must also mention the restrictions about
downloading and transferring confidential data on remote devices, dropbox
and google drive and in cases loss of remote devices connected with the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 19
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.