30(a) Security Policy: Summary of the security policy for the proposed registry

Prototypical answer:

Summary of Security Policies
The policies established provides a comprehensive approach as highlight below, to identify and prevent unauthorized access, intrusion, loss of information and software error.
1. Physical Security
Physical security is provided by data center. Only authorized personnel are allowed to enter the premises of the data center. Below are standard policies set:
a) Data Center Access Policy
b) Equipment Policy
c) Site Visits Policy
2. Network Security
This layer protects all equipment in the network from hacker or malicious attack. Another layer of sniffer (IPS) is put in place as second layer of screening. Security alarm will be triggered if there are abnormal activities in the network. Standard policies applied:
a) Firewall Policy
b) Denial of Services Policy
c) System Monitoring Policy
3. Host Security
At the server level, governance policy is required to establish control over access to the servers and movement of servers. Below are the standard policies to achieve control over these parameters:
a) Server Access Policy
4. Application Security
Security is built within the applications running on the servers. The applications are built using the well known OWASP security policy
5. General
Other that the above policies, general policies below applied across the network, server, application and data center to ensure system and registrants are well protected:
a) Password Policy
b) Data Integrity Policy
c) System audit Policy
d) Security Patch Policy
e) Security Response Policy
f) Acceptable Use Policy
g) Registrar Agreement

Similar gTLD applications: (0)