ISMS/01-policies/network-and-infrastructure-security-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00


Title: Network and Infrastructure Security Policy
Document ID: [POL-NETINFRA-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Network and Infrastructure Security Policy

Purpose

This policy defines BlackDice's expectations for securing networks, infrastructure components, and supporting platform services.

Scope

This policy applies to cloud networking, connectivity, infrastructure services, administrative access paths, supporting compute resources, and related management components within the ISMS scope.

Objectives

  • protect infrastructure and network pathways from unauthorised access or misuse
  • support segmentation, resilience, and controlled administration
  • reduce exposure from insecure configurations and unmanaged services

Principles / Policy Statements

Infrastructure and network services must be designed and operated according to approved security requirements.

Administrative interfaces and management paths must be restricted, monitored, and protected with stronger controls.

Network exposure should be minimised according to business need, and externally accessible services must receive appropriate protection and review.

Infrastructure security arrangements must consider cloud-native service patterns, container orchestration dependencies, and operator-facing deployment requirements where applicable.

Changes to network and infrastructure controls must be subject to defined assessment and approval.

Roles and Responsibilities

  • [Role] must define infrastructure and network security expectations.
  • Platform and infrastructure owners must maintain secure configurations and access controls.
  • Operational teams must monitor and manage infrastructure risks.

Compliance / Exceptions

Exceptions must be documented and approved where baseline infrastructure or network requirements cannot be met.

Monitoring and Review

This policy should be reviewed through configuration reviews, vulnerability management, incident analysis, and audit.

  • Information Security Policy
  • Cloud Security Policy
  • Secure Configuration Standard
  • Change Management Policy

Version Control

| Version | Date | Description of Change | Author |
|---|---|---|---|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |