About this document
This document describes the information security policy including, but not limited to, the following parts:
- Integrity, confidentiality and availability of the information
- Safeguarding of data, including:
  - provisions with respect to portable computers and media
  - provisions for the disposal of media
  - provisions for the disposal of equipment
- Safeguarding of applications
- Safeguarding of equipment
- Safeguarding of networks
- Threat of viruses
- Threat of intrusion
- Data classification system, categorizing data and the respective measures according to its importance
...
Definitions
The terms used in this document are the following:
...
NIDS: Network Intrusion Detection Systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. A NIDS analyzes the traffic passing on the entire subnet and matches it against a library of known attacks. Once an attack is identified, or abnormal behavior is sensed, an alert can be sent to the administrator. An example would be installing a NIDS on the subnet where the firewalls are located in order to see if someone is trying to break into the firewall. NIDS are also capable of comparing signatures of similar packets in order to link and drop harmful detected packets whose signature matches the records in the NIDS.
Overview
Integrity, confidentiality and availability of the information
...
The plugins we provide in the Atlassian Marketplace are hosted in the cloud, specifically in DigitalOcean and Google Cloud Platform. All the data hosted in their data centers is under our control. In addition, DigitalOcean is certified under ISO/IEC 27018 (the code of practice for cloud privacy), ISO27001 and SOC1/2/3. This adherence provides transparency about policies regarding the return, transfer, and deletion of personal information stored in their data centers.
...
- Public: Information that may or must be open to the general public. It is defined as information with no existing local, national, or international legal restrictions on access or usage. Public data is available to all Deiser employees and all individuals or entities external to the corporation.
- Internal: Information that must be guarded due to proprietary, ethical, or privacy considerations and must be protected from unauthorized access, modification, transmission, storage or other use. This classification applies even though there may not be a civil statute requiring this protection. Internal Data is information that is restricted to personnel who have a legitimate reason to access it.
- Confidential: Highly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know. Explicit authorization by the Data Administrator is required for access because of legal, contractual, privacy, or other constraints. Confidential data have a very high level of sensitivity.
- Regulatory Data Classification: Information protected by statutes and regulations, and governed by a regulatory body or council regarding the investigation, response, reporting and handling of incidents. Regulatory Data is sensitive in nature, and access is restricted. Disclosure is limited to individuals on a need-to-know basis.