HOM/Security Measures: Difference between revisions

From Future Worlds Center Wiki
Jump to navigationJump to search
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 9: Line 9:
*Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports.
*Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports.
*Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports.
*Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports.
== Computer ==
*Only staff authorized by the Hotline Operator can access computer for report processing
*All external drivers (CD-ROM, floppy, etc) are disabled
*Computer enclosure must be locked to prevent access to the computer from others
*Computer hard drive is encrypted and password protected
*Computer BIOS is password protected
*Log in is password protected
*Computer for report processing has a minimal configuration and only absolutely necessary software installed
*Network access is limited with a firewall.
== Web/Database Server ==
The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data:
<br>
*The database Server is located within the secure space of the Hotline Operator’s office.
*Only staff authorized by the Hotline Operator can access server for repairs, hardware upgrades, etc
*If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator.
*The Hotline’s database is backed up on a daily basis automatically.
*The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization.
*All sensitive information stored on the Hotline server’s database is encrypted.
*The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed.
*The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report.
*Every other record (traceroute, whois, etc.) is stored in database in form of encrypted files.
*Screenshots are not recorded at all; instead a link to those is recorded.
*Site mirror is provided for case of primary server failure.
[[Category:Hotline Manual]]

Latest revision as of 03:34, 12 September 2011

SECURITY MEASURES

Access to Hotline Investigations Office

The following measures guarantee maximum security regarding the access to the office spaces in which investigations and reporting is made.

  • The office must be held locked at all times.
  • The Hotline Operator is in charge of keys to the office and keeps records of who has copies of such keys.
  • Only staff authorized by the Hotline Operator can access the office in which reports are processed.
  • Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports.
  • Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports.

Computer

  • Only staff authorized by the Hotline Operator can access computer for report processing
  • All external drivers (CD-ROM, floppy, etc) are disabled
  • Computer enclosure must be locked to prevent access to the computer from others
  • Computer hard drive is encrypted and password protected
  • Computer BIOS is password protected
  • Log in is password protected
  • Computer for report processing has a minimal configuration and only absolutely necessary software installed
  • Network access is limited with a firewall.

Web/Database Server

The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data:

  • The database Server is located within the secure space of the Hotline Operator’s office.
  • Only staff authorized by the Hotline Operator can access server for repairs, hardware upgrades, etc
  • If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator.
  • The Hotline’s database is backed up on a daily basis automatically.
  • The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization.
  • All sensitive information stored on the Hotline server’s database is encrypted.
  • The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed.
  • The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report.
  • Every other record (traceroute, whois, etc.) is stored in database in form of encrypted files.
  • Screenshots are not recorded at all; instead a link to those is recorded.
  • Site mirror is provided for case of primary server failure.