Premium Essay

Information Systems Security Policy

In:

Submitted By Jenn294133
Words 4971
Pages 20
micros

®

MICROS Systems, Inc.
Enterprise Information
Security Policy
(MEIP)

Revision 8.0

August, 2013

________________________________________________________________________
1
MICROS Systems, Inc.
Enterprise Information Security Policy

Version 8.0
Public

Table of Contents
Overview – Enterprise Information Security Policy/Standards:
I.

Information Security Policy/Standards – Preface……………....5

I.1

Purpose …………….……………………………………………...5

I.2

Security Policy Architecture ………………….………………….6

I.3

Relation to MICROS Systems, Inc. Policies……………………..6

I.4

Interpretation………………………………………………….…..7

I.5

Violations…………………………………………………….….....7

I.6

Enforcement…………………………………………….................7

I.7

Ownership………………………………………………................7

I.8

Revisions…………………………………………………………..7

II.

Information Security Policy - Statement………………………..8

MICROS Enterprise Information Security Policy (MEIP):
1. Information Security Organization Policy (MEIP-001)...……....9
2. Access Management Policy (MEIP-002)…………………………10
3. Systems Security Policy (MEIP-003)...…….…………………......11
4. Network Security Policy (MEIP-004)…………………………….12
________________________________________________________________________
2
MICROS Systems, Inc.
Enterprise Information Security Policy

Version 8.0
Public

5. Application Security Policy (MEIP-005)…..………………………13
6. Data Security/Management Policy (MEIP-006)……………….14-15
7. Security Incident Handling Policy (MEIP-007)..………………....16
8. Security Operations Policy (MEIP-008)..…………………….…...17

9. Personal Information Protection Policy (MEIP-009)…………….18
10. Medical Information Privacy Policy (MEIP-010)…………..........19

11. Personnel Security Policy (MEIP-012) ……..……......................20

12. Physical & Environmental Security Policy (MEIP-013)..............21

13.

Similar Documents

Premium Essay

Human Resources Security Information

...Human Resources Information Security Standards Human Resources Information Security Standards Standards August 2009 Project Name Product Title Version Number Human Resources Information Security Standards Standards 1.2 Final V1.2 Final Page 1 of 10 Human Resources Information Security Standards Document Control Organisation Title Author Filename Owner Subject Protective Marking Review date Wokingham Borough Council Human Resources Information Security Standards Steve Adamek, Head of Business Systems G\Government Connect\WBC Policies Head of Business Systems IT Policy Internal Public April 2010 Revision History Revision Date Revisor Previous Version Description of Revision V2.1 V2.2 V2.3 V2.4 V1.0 V1.1 V1.2 Laura Howse Laura Howse Steve Adamek Laura Howse Laura Howse Laura Howse Laura Howse 2.0 2.1 2.2 2.3 2.4 1 1.1 Updated to include WBC references Updated to incorporate WBC changes Updated to incorporate Unison changes Updated to incorporate Unison changes Final Version Updated to include feedback from Human Resources Updated to include feedback from Human Resources Document Approvals This document requires the following approvals: Sponsor Approval Name Date Director of Transformation General Manager for Business Services & Section 151 Officer Head of Business Systems Deputy Head of Human Resources Computacenter Service Manager (Outsourced IT Provider) Document Distribution Andrew Moulton Graham Ebers Steve Adamek Maureen Vaughan-Dixon...

Words: 2757 - Pages: 12

Premium Essay

Password Guidance

...cy/index.html Retrieved on February 27, 2014 nist.gov. (2011).NIST Policy on Information Technology Resources Access and Use. Retrieved from http://www.nist.gov/director/oism/itsd/policy_accnuse.cfm Retrieved on February 27, 2014 HHS, 2007. HIPAA Security Series. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf Retrieved on March 8, 2014Task 1Heart Healthy Information Security Policy:The information security policy is divided into two major parts – the policy for any new user entering the organization and the password management:New Users:All the new users will get appropriate access and rights, which will be reflective of their responsibilities in the organization. These accesses will enable the user to access all the required data files and information to complete their tasks. While assigning the rights and accesses to the new user a a document should be signed between the new user and the supervisor which will detail all the roles and responsibilities that the user will perform and also the corresponding access and rights. In case the user requires any administrator access then signature of the respective manager will be required. All the new users will have to undergo an orientation program and some additional training which will tell them about the work place, work culture, security policies, information security policies etc. The additional trainings will focus on password management, remote device protection, file downloads...

Words: 283 - Pages: 2

Premium Essay

Maintaining Information Systems Security

...Maintaining Information Systems Security Akilah S. Huggins University Of Phoenix CMGT/400 August 11, 2014 Maintaining Information Systems Security Introduction With the growing development of information systems and networks, security is a main concern of organizations today. The fundamental objectives of information systems security are privacy, integrity, and accessibility. The foundation of organization's security lies in planning, creating and actualizing proper information systems' frameworks' security strategy that adjusts security objectives with the organization's requirements. In this paper the objective is to describe the importance of policies and standards for maintaining information systems security. Specifically, the paper include the discussion of the role employees—and others working for the organization to maintain the information systems security. Also the position paper aim to examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy. Thesis Statement The aim and objective of the underlying paper is to analyze and evaluate the phenomena of maintaining information system security. Importance of Policies and Standards for Maintaining Information Systems Security. Information system security policies primarily address threats. The...

Words: 1235 - Pages: 5

Premium Essay

Term

...Information Security Program Guide For State Agencies April 2008 Table of Contents INTRODUCTION .......................................................................................................................................................3 A SUGGESTED IMPLEMENTATION STRATEGY .............................................................................................5 SECURITY COMPONENTS ...................................................................................................................................12 RISK MANAGEMENT ................................................................................................................................................12 POLICY MANAGEMENT ............................................................................................................................................14 ORGANIZING INFORMATION SECURITY ....................................................................................................................16 ASSET PROTECTION .................................................................................................................................................18 HUMAN RESOURCES SECURITY ...............................................................................................................................20 PHYSICAL AND ENVIRONMENTAL SECURITY ...........................................................................................................22 COMMUNICATIONS...

Words: 14063 - Pages: 57

Premium Essay

Network Security Policy

...July-December 2008 p. 7-21 Network Security: Policies and Guidelines for Effective Network Management Jonathan Gana KOLO, Umar Suleiman DAUDA Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com Abstract Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This paper therefore proposes some policies and guidelines that should...

Words: 3892 - Pages: 16

Premium Essay

It Ceo

...System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many of the sections depending on your specific project with NIH. We have highlighted all the instruction areas in yellow. Please review each section carefully and contact SPH IT Services for any additional details. 1. Information System Name/Title [Enter the name of the system (or systems)] 2. Information System Owner [Enter the name and contact information for the system owner] Derek Drawhorn Asst Dean, Information Technology Services University of Texas Health Science Center Houston School of Public Health 1200 Herman Pressler Suite RAS E-17 Houston, TX 77030 (713) 500-9533 Derek.d.drawhorn@uth.tmc.edu 3. Other Designated Contacts, Including Those with “root” Access. [Enter the names and contact information for any other critical technical or administrative contacts for this system. This should include the IT (policy) director, system administrators, data center contacts, etc] Chris Harvey Asst Director, Information Technology Services University of Texas Health Science Center Houston School of Public Health 1200 Herman Pressler Suite RAS E-17 Houston, TX 77030 (713) 500-9544 Christopher.m.harvey@uth.tmc.edu 4. Assignment of Security Responsibility [Who is responsible for implementing security policy? Enter the name and contact information...

Words: 2842 - Pages: 12

Premium Essay

Nt1310 Unit 9 Paper

... Include the documentation that would be required to prove compliance and describe in detail how you would review the documentation, conduct interviews and system demonstrations. Answer: Section 12 of PCI DSS audit deals with the maintaining a policy that addresses information security for all personnel, a strong policy helps the organization to ensure information security and through the awareness and dissemination of policies to the employees we can ensure that everyone is aware of their responsibilities and we can ensure sense of responsibility for securing the cardholder data. It has 11 major requirements, under the process which I will...

Words: 1569 - Pages: 7

Premium Essay

The Term Paper

...Course: Name INFORMATION SECURITY...

Words: 2530 - Pages: 11

Premium Essay

Alternating State Government It Security Policies

...Alternating State Government IT Security Policies University of Maryland University College Europe Instructor: Professor Cybersecurity in Government Organizations CSIA 360 24 April 2016 The purpose of IT Security Policies within the state governments IT security policies are the foundation that any business or government should have implemented with their IT systems before the systems are going to be accessed or in other terms used by users and or customers. The successful implementation of such IT security policies are necessary for the infrastructure of IT systems that are going to be operated safely. IT security policies normally are papers that address the requirements of the system’s rules that are to be fulfilled, which usually is a defined set of rules. The individual IT security policy addresses a specific area in detail like such as an acceptable user policy that outlines how the system is to be used with what each user can perform on the system (SANS, 2016). Each individual state is responsible for implementing its own IT security policy because there is no precise must do practice in place when it comes to fulfilling IT security policies for the state governments. State agencies and offices are responsible for their own IT security policies. Each state addresses IT security policies and the associated problems with implementing these, but two states barely mention the topic, which reflects with rare information concerning their cybersecurity plans...

Words: 1515 - Pages: 7

Premium Essay

Information Security for Managers

... Information Security for Managers Submitted By: Student Number: Submitted Date: January 22, 2009 Table of Contents 1. Information Security Policy (Word Count = approx. 1000) 3 1.1 Security: 3 1.2 Policy: 3 1.3 Information Security Policy and its importance: 4 1.4 Policies, Procedures, Practices, Guidelines 5 1.5 Example of good policy statement 6 1.6 Possible structure of information security policy documents 7 1.7 Strategies and techniques to implement information security policies 8 2. Developing the Security Program(Word Count = approx. 500) 9 3. Security Management Models and Practices (Word Count = approx. 500) 11 A. ISO/IEC Model 11 B. NIST Security Model 11 C. RFC 2196 11 D. COBIT 11 E. COSO 12 4. List of References: 13 1. Information Security Policy 1.1 Security: Security has been a real issue for this century. Due to the new emerging technology like RFID and wireless devices there have been various issues regarding privacy and security of person and an enterprise. Security can be understood as a condition to protect against unauthorized access. In terms of IT, security can be categorized into application security, computing security, data security, information security, and network security. Source: (Whitman & Mattord 2007, p.5) Even though all of these security fields need to be monitored in an enterprise, for instance in this document we are concerned only with information security. Information security...

Words: 2401 - Pages: 10

Premium Essay

Cmgt400 Week 4 Individual

...The Role of Information Security Policy A successful Information Security Program is determined by how the security policy for an organization is developed, how it is implemented, and maintained. An effective sound security policy creates a solid foundation for an information system. The policy makers must emphasize that within the organization, the role played by information security is of paramount importance. The system administrator is responsible for setting employees’ roles, authenticating the identities of employees, setting access levels, logging security-relevant transactions, initiating awareness efforts, and ensuring that the information security objectives are met. In addition, the security policy for the organization must entail reduced risks to the system, comply with laws and regulations, ensure essential content and operational continuity, information integrity, and maintain confidentiality. The importance of policies and standards for maintaining information systems security The security goals and policies of an organization are best implemented by the organization’s management through their ability to create an effective work environment for the employees. Information security policies are often the most difficult to implement yet they are the least expensive means of control. Whitman (2011) referenced Charles C. Wood who stated that, “Policies are important reference documents for internal audits and resolution of legal disputes about an organization’s...

Words: 1329 - Pages: 6

Free Essay

Upload

...Fundamentals of Information Systems Security Lesson 1 Information Systems Security Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 1 Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn Page 2 Key Concepts  Confidentiality, integrity, and availability (C-I-A) concepts  Layered security solutions implemented for the seven domains of a typical IT infrastructure  Common threats for each of the seven domains  IT security policy framework  Impact of data classification standard on the seven domains Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn Page 3 DISCOVER: CONCEPTS Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn Page 4 Introducing ISS ISS Information Systems Information Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn Page 5 The C-I-A Triad Fundamentals of Information Systems Security - Contact: hieuld2@fpt.edu.vn Page 6 Confidentiality Personal Data and Information • Credit card account numbers and bank account numbers • Social security numbers and address information Intellectual Property • Copyrights, patents, and secret formulas • Source code, customer databases...

Words: 1090 - Pages: 5

Premium Essay

Policy

...Information Security Policy Best Practice Document Produced by UNINETT led working group on security (No UFS126) Authors: Kenneth Høstland, Per Arne Enstad, Øyvind Eilertsen, Gunnar Bøe October 2010 © Original version UNINETT 2010. Document No: Version / date: Original language : Original title: Original version / date: Contact: © English translation TERENA 2010. All rights reserved. GN3-NA3-T4-UFS126 October 2010 Norwegian “UFS126: Informasjonsikkerhetspolicy” July 2010 campus@uninett.no UNINETT bears responsibility for the content of this document. The work has been carried out by a UNINETT led working group on security as part of a joint-venture project within the HE sector in Norway. Parts of the report may be freely copied, unaltered, provided that the original source is acknowledged and copyright preserved. The translation of this report has received funding from the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 238875, rel ating to the project 'Multi-Gigabit European Research and Education Network and Associated Services (GN3)'. 2 Table of Contents EXECUTIVE SUMMARY INTRODUCTION 1 1.1 1.2 4 5 6 6 6 INFORMATION SECURITY POLICY Security goals Security strategy 2 3 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 ROLES AND AREAS OF RESPONSIBILITY PRINCIPLES FOR INFORMATION SECURITY AT Risk management Information security policy Security organization Classification and control...

Words: 6043 - Pages: 25

Premium Essay

Cmgt 582 Team Paper

...Hospital Risk Assessment & Security Audit Patton-Fuller Community Hospital Risk Assessment & Security Audit Risk assessment and threat assessment should go hand-in-hand.The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and if those accesses are required. The security audit should monitor the companies systems and users to detect illicit activity.The security audit should include searches for security events and the abuse of user privileges, along with a review of directory permissions, payroll controls, accounting system configurations, ensure backup software is configured, and backups are completed as required, review network shares for sensitive information with wide-open permissions. During the security audit, a report of offices should be conducted to ensure security policies and procedures are followed. Security Management Currently, PFCH has a Chief Compliance Officer in place to ensure the hospital meets all laws and regulations regarding patient privacy. The CCO is responsible for developing, implementing, and maintaining a system-wide Corporate Compliance program. The COO also oversees the Security Officer, the Director of Medical...

Words: 3451 - Pages: 14

Free Essay

Pci Dss Security Policy Template

...P01 - Information Security Policy Document Reference Date Document Status Version Revision History P01 - IS Policy Final 1.0 Table of Contents 1. 2. 3. 4. 5. 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.6.1. 5.6.2. 5.6.3. 5.6.4. 6. 6.1. 6.2. Policy Statement ....................................................................................................................... 3 Review and Update of the Policy Statement .......................................................................... 3 Purpose ...................................................................................................................................... 3 Scope.......................................................................................................................................... 3 Information Security Framework ........................................................................................... 3 Reporting Structure for the Business .......................................................................................... 3 Associated Teams....................................................................................................................... 4 Annual Policy Review................................................................................................................ 4 Policy Breaches .......................................................................................................................... 4 Individual Policies ......................

Words: 1892 - Pages: 8