Threats to network security are an ever-growing concern for our organization, and as such we must be prepared to handle any situation that may arise. Below is a set of standards that, at minimum, must be configured to ensure that the storage of data is compliant with local laws and meets governance standards, and to ensure the safety and security of each individual location.
The purpose of this policy is to define network security assessments within The Diocese of Paterson. Network security assessments should be performed to identify potential or realized weaknesses resulting from inadvertent misconfiguration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of The Diocese of Paterson’s services available both internally and externally, as well as satisfy compliance with any relevant policies in place.
This policy covers all network assessments requested by any individual, group or department for the purposes of maintaining the security stance, compliance, risk management, and change control of technologies in use at The Diocese of Paterson, where the entity is insured by the diocese and works with large amounts of user data or with any of the following types of information: Protected Health Information [PHI], Personally Identifiable Information [PII], Payment Card Information [PCI-DSS], or information covered by FERPA, CIPA, COPPA, or HIPAA.
Network Management, Physical Security and Licensed Hardware must follow these specific standards in order to ensure compliance with our insurance and to ensure confidentiality, integrity and availability within the network. The following baseline standards must therefore be maintained so that minimum satisfactory levels of security are upheld and user data is protected.