Network security management Sample Clauses

Network security management. The Supplier must provide that it has, and maintains throughout the term of this Agreement, a procedure in place to manage network threats, vulnerabilities and risks.

Network security management. DoIT staff routinely become aware of advanced persistent threats (APTs), or generally hostile state actors attacking state and local governments, universities and other ICN constituents. DoIT will provide network security and managed services, including scanning for vulnerabilities on

Network security management. 1. NautaDutilh manages and controls its networks and properly protects them against threats and maintains security for the information assets that use the network, including information assets that are transmitted.

Network security management. The IT Manager is responsible for managing and controlling the computer networks, for ensuring the security of information in networks, and for protecting the services connected to the networks from unauthorized access. It company policy that the network is managed in such a way that the IT Manager is required a. to separate the operational responsibility for networks from the responsibility for sensitive applications and other systems b. to protect sensitive data passing over the public network by protect the data with encryption. c. to protect sensitive data passing over wireless networks by using of WPA2 protocol d. to protect equipment connecting to the network from remote locations by user of VPNs e. to segregate traffic coming in from mobile devices, set up unique firewall policies, static routes, Virtual Local Area Networks, etc. f. to ensure the availability of network services by providing adequate bandwidth and needed bypasses in case of network failure, monitoring all points within the network.

Network security management. Physical Security - The GSP must provide a copy of its policy restricting physical access to all in-house facilities and equipment.

Network security management. The Supplier shall (and shall ensure that its Subcontractors shall) maintain the appropriate confidentiality, integrity, and availability of Lloyd’s Information, by: • utilising secure network architecture and operations; • ensuring that networks carrying Lloyd’s Information are designed, built, monitored, and managed according to industry standards, best practices and frameworks e.g. ISO27001, TOGAF, OWASP ITIL, etc. such that they enforce the required information security policy boundaries. These boundaries must prevent unauthorised access to Systems and Lloyd’s Systems or Lloyd’s Information by default, and allow only explicitly authorised and authenticated access. The Supplier shall (and shall ensure that its Subcontractors shall) ensure that anti-virus and firewall protection systems are implemented in relation to both internal and external traffic and ensure that: • firewall platforms are hardened; • penetration tests of firewall protected network connections are conducted by trained personnel on a regular basis; • firewalls have real-time logging and alerting capabilities; • intrusion detection systems are implemented where Internet connections exist; • access lists are implemented on network routers to restrict access to sensitive internal networks or servers. Remote support access shall be controlled via a secure gateway that implements the following controls: • strong authentication (e.g. two-factor authentication); • access via a secure gateway (e.g. a firewall or the Azure portal); • remote support accounts only enabled for the duration of troubleshooting activity; • all troubleshooting activity is logged and reviewed. The Supplier shall seek prior written Lloyd’s approval to use any Supplier provider of remote support of Supplier systems. Any such approved Subcontractor shall be subject to a contract between the Supplier and such Subcontractor detailing security requirements in relation to such support, and that access granted to the Subcontractor in order to provide such support is given with minimum privileges and revoked on completion. The Supplier shall develop and implement an appropriate internet, email and acceptable use policy and ensure that appropriate controls are in place and documented to prevent unauthorised download of software or web content by Supplier (or Subcontractor) personnel. The Supplier shall ensure that utility programs capable of overriding system and application controls shall be restricted and tightly controlled. T...

Network security management. Overarching policies related to network infrastructure are described in the Oracle Network Security Policy and Oracle Server Security Policy. Oracle employs intrusion prevention and detection systems within the Oracle corporate networks to provide surveillance for intercepting and responding to security events as they are identified. Events are analyzed using signature and anomaly detection and Oracle updates the signature database frequently. Alerts are forwarded to Oracle's IT security for review and response to potential threats. Oracle uses router rules, access control and security lists and segmentation on the Oracle network. Oracle’s Global IT and Cloud DevOps departments manage and monitor routers and firewall logs and network devices are safeguarded via centralized authentication with audited usage.

Network security management. Describe the Supplier network security controls. Include controls relating to network service suppliers, how network service provision is monitored, network access controls, network segregation, visitor ac- cess etc. Describe any extra, or changed, controls for this contract.

Network security management. The data importer will ensure the protection of all data of the data exporter, including personal data, in its networks (and the networks of its service providers), and will ensure the protection of the supporting infrastructure. a. The data importer will maintain protection (including antivirus protection) against malicious code. b. Whenever access is performed through the Internet, communication should be encrypted through cryptographic protocols (TLS/SSL). c. Remote access to the IT system should in general be avoided. In cases where this is absolutely necessary, it should be performed only under the control and monitoring of a specific person from the organization (e.g., IT administrator/security officer) through pre-defined devices. d. Wireless access to the IT system should be allowed only for specific users and processes. It should be protected by encryption mechanisms. e. Traffic to and from the IT system should be monitored and controlled through Firewalls and Intrusion Detection Systems. f. Access to the IT system should be performed only by pre-authorized devices and terminal equipment using techniques such as MAC filtering or Network Access Control (NAC). g. Workstations used for the processing of personal data should preferably not be connected to the Internet unless security measures are in place to prevent unauthorized processing, copying and transfer of personal data on store. h. The network of the information system used to process personal data should be segregated from the other networks of the data importer.