Network Security Policy

Purpose:

The purpose of this policy is to establish guidelines for securing the Pitaka network infrastructure, ensuring the confidentiality, integrity, and availability of data transmitted over the network, in compliance with applicable laws and regulations in the Philippines.

Scope:

This policy applies to all employees, contractors, and third-party users who access the Pitaka network and its associated systems and resources.

Policy

1. Network Access Control:

Access to the Pitaka network must be restricted to authorized users only. All users must authenticate using secure methods, such as PINs and Single Sign-On (SSO), before accessing the network. Network segmentation must be implemented to isolate sensitive data and critical systems from less secure areas of the network.

2. Firewalls and Intrusion Detection:

Firewalls must be deployed at network entry points to filter incoming and outgoing traffic based on security policies. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) must be implemented to monitor network traffic for suspicious activities and potential threats. Regular updates and patches must be applied to firewall and IDS/IPS systems to mitigate vulnerabilities.

3. Secure Configuration:

All network devices (routers, switches, etc.) must be securely configured to minimize vulnerabilities. Default passwords and settings must be changed to unique, strong passwords during initial setup. Unused services and ports must be disabled to reduce the attack surface.

4. Wireless Network Security:

Wireless networks must be secured using encryption protocols such as WPA3. SSIDs must be hidden, and access must be restricted to authorized devices only. Guest access must be isolated from the main network to prevent unauthorized access to sensitive data.

5. Data Encryption:

Sensitive data transmitted over the network must be encrypted using industry-standard encryption protocols (e.g., TLS, VPN). Encryption must be applied to both data in transit and data at rest to protect against unauthorized access and breaches.

6. Remote Access:

Remote access to the Pitaka network must be secured using Virtual Private Networks (VPN) or other secure tunneling protocols. All remote users must authenticate using strong methods and comply with the organization's security policies. Remote access sessions must be monitored and logged for security and compliance purposes.

7. Network Monitoring and Logging:

Continuous monitoring of network traffic must be conducted to detect anomalies and potential security incidents. Logs from network devices and security systems must be collected, reviewed, and retained as per the Logging and Monitoring Policy. Network security incidents must be reported immediately to the IT security team for investigation and remediation.

8. Incident Response:

A formal incident response plan must be established to address network security incidents promptly. The IT security team must conduct regular training and simulations to prepare for potential network security breaches. All incidents must be documented and analyzed to improve future responses and prevent recurrence.

This policy aligns with the Data Privacy Act of 2012, Cybercrime Prevention Act of 2012, and other relevant regulations in the Philippines. Regular audits must be conducted to ensure compliance with this policy and applicable laws.

10. Policy Enforcement:

Violations of this policy may result in disciplinary actions, including revocation of access, termination of employment, or legal consequences, depending on the severity of the violation. The IT security team is responsible for enforcing compliance with this policy and monitoring adherence to network security practices.