HOM/Security Measures

From Future Worlds Center Wiki
Jump to navigationJump to search

SECURITY MEASURES

Access to Hotline Investigations Office

The following measures guarantee maximum security regarding the access to the office spaces in which investigations and reporting is made.

  • The office must be held locked at all times.
  • The Hotline Operator is in charge of keys to the office and keeps records of who has copies of such keys.
  • Only staff authorized by the Hotline Operator can access the office in which reports are processed.
  • Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports.
  • Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports.

Computer

  • Only staff authorized by the Hotline Operator can access computer for report processing
  • All external drivers (CD-ROM, floppy, etc) are disabled
  • Computer enclosure must be locked to prevent access to the computer from others
  • Computer hard drive is encrypted and password protected
  • Computer BIOS is password protected
  • Log in is password protected
  • Computer for report processing has a minimal configuration and only absolutely necessary software installed
  • Network access is limited with a firewall.

Web/Database Server

The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data:

  • The database Server is located within the secure space of the Hotline Operator’s office.
  • Only staff authorized by the Hotline Operator can access server for repairs, hardware upgrades, etc
  • If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator.
  • The Hotline’s database is backed up on a daily basis automatically.
  • The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization.
  • All sensitive information stored on the Hotline server’s database is encrypted.
  • The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed.
  • The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report.
  • Every other record (traceroute, whois, etc.) is stored in database in form of encrypted files.
  • Screenshots are not recorded at all; instead a link to those is recorded.
  • Site mirror is provided for case of primary server failure.