Name:
IT 255
Unit 3 Assignment 1: Remote Access Control Policy Definition

Remote Access Control Policy
I. Technician responsible for: - Remote Access will be controlled. Control will be enforced one time via password authentication. - Richman’s employees shouldn’t provide their login or email password to any one even their family members. - Richman’s employees with remote access privileges must ensure that their workstation or personal computer. Which is remotely connect to Richman’s company network - All hosts that are connecting to Richman internal network via remote access must use the most up to date antivirus software. This includes personal computers. - All confidential and personal information transmitted via a remote access connection must be encrypted prior to transmission or sent through an encrypted tunnel, except for where the remote connection forms a direct part of the Richman network. - Remote access connections must only be used for approved Richman company purposes in a lawful and ethical manner. - All passwords used to access remote access connections must be created and managed in accordance with the Richman password standards policy. - Remote access user must force to change their password at their first logon. - All remote access sessions which are inactive for more than 30 minutes must be automatically ‘locked’ or logged out. - All remote access sessions must be monitored and logged.
II. Users responsible for: - Ensuring they only use remote access accounts and passwords which have been assigned to them. - Ensuring all remote access account passwords assigned to them are kept confidential at all times and not shared with others. - Changing their passwords at least every 90 days or when instructed to do so by designated system administrators, network administrators. - Respecting and protecting the privacy and confidentiality of the information they process at all times. - Ensuring they use their remote access connection in a lawful and ethical manner at all times.
III. Rationale for using this policy - The purpose of this policy is to define secure standards for connecting to the Richman network from a computer or device located outside of the Richman network - The Richman reserves the right to take such action against users who breach the conditions of this policy. Richman employees who breach this policy may be denied access to the organizations information technology resources, and maybe subject to disciplinary action. Including suspension and dismissal as provided for in the Richman disciplinary procedure.

- The Richman Company will refer any use of its I.T. resources for illegal activities to the appropriate law enforcement agencies.

Reference: http://www.hse.ie/eng/services/Publications/pp/ict/Remote_Access_Policy.pdf http://www.sans.org/security-resources/policies/Remote_Access_Policy.pdf