Policy 7230A - Department of Administration
Where possible boundary protection systems will be configured to protect against
or limit the effects of all denial of service attacks.

Boundary protection systems are to be deployed internally to create zones of
security within the network for network segments that host information systems
that are deemed to be of a critical or sensitive nature. These zones will be used
wherever segmented networks are deployed.

B. Malware Protection Systems

All information systems and components of information systems will be protected
by malware protection systems where such solutions exist for the information
system or information system component. At a minimum malware protection will
be performed at the network boundary, on e-mail and other communications
systems, and on all workstations, servers and other endpoints.

The malware protection system must be centrally managed and must have the
ability to perform automated updates to all protected information systems and
information system components.

By definition, malware includes viruses, worms, spyware, adware, Trojan Horses
and any other unwanted and deleterious software that may be installed on an
information system component element as well as spam and other unsolicited
communications.

C. Monitoring and Intrusion Prevention Systems

Each boundary (Internet) network access point will be protected by monitoring
and/or intrusion prevention systems that monitor events, detect attacks and
provide identification of unauthorized information system use. These systems will
be configured to monitor both inbound and outbound communications.

Monitoring and intrusion prevention systems may also be deployed internally to
create zones of security within the network.

5.3 Data/Media Protection

The State of Kansas requires that all privileged information, whether stored in system
or out of system (via information media) be protected by data and media protection
mechanisms to ensure the highest levels of confidentiality, integrity and availability.
Non-privileged information will be protected to ensure the highest levels of integrity
and availability.

Data and media protection mechanisms allow information to be provided a greater
level of security than can be achieved with system based protection mechanisms
alone. Without data and media protection mechanisms the potential exists that the
State’s information assets could be exposed to an unnecessarily high level of risk,
particularly in circumstances where that information is taken out of the information
system.