Computer Network and Communication Security Sample Clauses

Computer Network and Communication Security. This section identifies requirements for the protection of sensitive or confidential information on computer networks. The organization must: Document network security controls; Ensure security features are implemented in their networks; Document, implement, and manage changes to network security controls and security management practices to protect information systems from security threats; Ensure segregation of services, information systems, and users to support business requirements based on the principles of least privilege, management of risk and segregation of duties; Ensure implementation of network controls to prevent unauthorized access or bypassing of security control; Ensure electronic messaging services are protected commensurate to the value and sensitivity of message content, and approved for use by the Government Chief Information Officer; and, Ensure information transfers between government and external parties are protected using industry standard tools.

This section addresses the response and management of information incidents, including privacy breaches, in order to take the appropriate steps to mitigate the risk of harm. The organization must establish information incident management policies and procedures, as appropriate, to ensure quick, effective and orderly response to information incidents. Employees must immediately report suspected or actual information incidents in accordance with the organization’s Information Incident Management Policy.
Computer Network and Communication Security. This section identifies requirements for the protection of sensitive or confidential information on computer networks. The organization must: a) Document network security controls; b) Ensure security features are implemented in their networks; c) Document, implement, and manage changes to network security controls and security management practices to protect information systems from security threats; d) Ensure segregation of services, information systems, and users to support business requirements based on the principles of least privilege, management of risk and segregation of duties; e) Ensure implementation of network controls to prevent unauthorized access or bypassing of security control; f) Ensure electronic messaging services are protected commensurate to the value and sensitivity of message content, and approved for use by the Government Chief Information Officer; and, g) Ensure information transfers between government and external parties are protected using industry standard tools.