Case Firewall Policy
Overview
Version 0.7 DRAFT
Last Revision Date: April 15, 2008
Approval Date: DRAFT
Approval Authority: Case Chief Information Security Officer
Purpose
The Case firewall policy defines where and when firewall
implementations are made in the Case network.
Scope
This policy applies to all information technology
systems that use the Case network infrastructure.
Cancellation
Not applicable.
General
All network infrastructure on the Case campus is installed and
maintained by Case IT Services. All hardware firewalls shall be operated and
maintained exclusively by Case IT Services (Technical
Infrastructure Services). Written exceptions are granted by on a
case-by-case basis based on an assessment of security risk and
operational necessity. In general any partitioning of Case
networks by users or user groups is prohibited.
Firewall Changes
Operational firewall changes shall be implemented by the ITS
Technical Infrastructure Services (TIS) group in accordance with
Procedure II-5a Firewall Change Procedure.
Departments with operational needs and IT implementations that require
firewall-based security provisions are encouraged to communicate
business needs to the TIS group in the earliest phase of project
implementation.
Software Firewalls
Software firewalls, also known as personal firewalls, are encouraged to
enhance the security posture of hosts connected to Case networks.
Responsibility
Chief Information Architect: Defines overall network architecture
and design.
Chief Information Security Officer: The authority for defining
security posture and acceptable level of risk.
Standards Review Cycle
This standard will be reviewed every two years on the anniversary of
the policy effective date, at a minimum. The standard may be reviewed on a
more frequent basis depending on changes of risk exposure.