Policies for Blanco Wireless

The fictitious company Blanco Wireless will serve as a platform to illustrate the stages and techniques of implementing policy monitoring. As part of account administration, Blanco must store sensitive information such as Social Security numbers and direct billing details. Due to the sensitive nature of such information, Blanco has developed several policies to protect itself and its customers’ data.

Policies

Blanco employs the following policies to maintain compliance with government regulations, safeguard its most sensitive data, and provide investigative support should any of the data be compromised. These are, of course, not exhaustive. Rather, they serve as illustrations for how to apply policy monitoring.

Data Protection Policy

In keeping with California law and Blanco Wireless’s commitment to customer privacy, employees are required to maintain strict confidentiality of all personally identifiable information (PII):

Scope

This applies to all PII stored on production servers in the Blanco Wireless network.

Configuration requirements

Storage

PII must be encrypted in storage and transmitted only over encrypted network connections.

Access

Databases containing PII must be accessed only via an approved method:

  • An application whose purpose is to broker such access.

  • An approved database management server. Direct database access via desktop programs such as TOAD is strictly prohibited.
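One way to monitor the access requirement above is to check network flow records against the approved sources. The sketch below is an added example, not taken from the book; the addresses, the listener port, the record format, and the function names are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed inventory (assumption): PII database listeners and approved sources.
PII_DATABASES = {("10.10.5.20", 1521), ("10.10.5.21", 1521)}
APPROVED_SOURCES = {
    "application broker": [ipaddress.ip_network("10.10.8.0/28")],
    "database management server": [ipaddress.ip_network("10.10.9.15/32")],
}

# Constructed flow records, one per line: "src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
10.10.8.4 10.10.5.20 1521
10.10.9.15 10.10.5.21 1521
10.20.33.107 10.10.5.20 1521
10.20.33.107 10.10.5.20 1521
10.20.33.107 10.10.5.30 1521
10.10.8.200 10.10.5.21 1521
bad line
"""

def classify(src, dst, port):
    """Return the approved method used, 'out of scope', or 'VIOLATION'."""
    if (dst, port) not in PII_DATABASES:
        return "out of scope"  # the policy scope covers PII databases only
    addr = ipaddress.ip_address(src)
    for method, networks in APPROVED_SOURCES.items():
        if any(addr in net for net in networks):
            return method
    return "VIOLATION"  # e.g. a desktop client connecting directly

def audit(flow_text):
    """Count violations per (source, database) pair; skip malformed lines."""
    violations = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue
        src, dst, port = fields[0], fields[1], int(fields[2])
        try:
            verdict = classify(src, dst, port)
        except ValueError:  # source address could not be parsed
            continue
        if verdict == "VIOLATION":
            violations[(src, dst)] += 1
    return violations

if __name__ == "__main__":
    for (src, dst), n in audit(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {n} connection(s) outside approved methods")
```

The source 10.10.8.200 is flagged because it falls outside the /28 assigned to the brokering applications, which shows why the approved ranges should be kept as narrow as the inventory allows.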

Database security

Databases storing PII must be configured according to Blanco Wireless’s ...
