What Is Truth to Power?

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Acceptable Use, Virtual Private Network (VPN) (Policy)
Overview and Purpose

[variable: Covered Organization] provides a virtual private network (VPN) that enables users to securely access network resources from computers and devices outside of the [variable: Covered Organization] network. The VPN provides several benefits to the organization and its constituents, including:

  • The protection of communications and transmissions between the user and organizational systems
  • The protection of sensitive organizational systems and information from unauthorized access
  • Greater control by the organization over network traffic access and routing, increasing the efficiency and security of activities performed through the VPN

This policy defines appropriate users and uses for the [variable: Covered Organization] VPN.

Coverage

All employees, contractors, vendors, volunteers and other personnel who use the VPN for remote access to [variable: Covered Organization] protected networks and internal resources.

Definitions

Policy

  • Any machine, personal or otherwise externally owned or operated, that connects to the [variable: Covered Organization] network through the VPN is considered a de facto extension of the network and is subject to the same standards and rules that cover company-owned equipment.
    • Use of the VPN is subject to [variable: Covered Organization] Acceptable Use policies for Internet use, e-mail, and any other traffic over the protected connection.
    • VPN users must ensure that any computer through which they access the VPN (including personal computers, if applicable) is provisioned with and running antivirus software. Antivirus software should be consistent with the corporate standard and reflect the latest available updates.
    • Any user who accesses the [variable: Covered Organization] internal network through the VPN from a personal computer or any other computer that is not owned by [variable: Covered Organization] must ensure that the external device is configured in compliance with [variable: Covered Organization] VPN and network access policies.
  • Access and authentication
    • The VPN is a secure system. Individuals must be authorized to use the VPN by an appropriate manager or IT representative.
    • VPN access must be controlled through a user authentication mechanism.
    • Users may not share their VPN login credentials and should take all reasonable efforts to avert accidental disclosure of login credentials.
    • Managers may not assign or encourage the use of group login credentials through which more than one individual may access the systems under a single user identity.
    • Users may not employ artificial processes to keep a VPN connection open during idle periods longer than [variable: Time frame].
    • Only approved clients may be used for VPN access to internal networks. Unapproved and user-created VPN connections will not be permitted on the internal network.
  • VPN configuration and management
    • The VPN will be configured and managed by the [variable: Covered Organization] [variable: Operational group responsible for VPN configuration and management].
    • The VPN must be configured to automatically disconnect after [variable: Time period] of inactivity.
    • The VPN must be configured so that, when the user is connected via the VPN to the corporate network, all network traffic to and from the PC will be forced through the VPN tunnel. All other traffic will be dropped.
    • The VPN does not replace general Internet access or ISP-provided services. Users who require Internet service for legitimate work responsibilities must separately manage those services.

Enforcement

Violation of this policy may result in disciplinary action which may include performance sanctions; termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to restriction or suspension of [variable: Covered Organization] email privileges, as well as civil and criminal prosecution.

Supporting Documentation

This policy is supported by the following rules, standards, and procedures:

  • [variable: internal documents (with links, if available)]
  • [variable: external documents (with links, if available)]

Policy Support Contact

  • [variable: title (not personal name) of role responsible for overseeing this procedure]
  • [variable: Contact information of office responsible for overseeing this procedure]

Policy Publication Date

[variable: Policy publication date]

Revision(s)

  • [variable: Policy revision date]

References

  • None yet specified
