Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"


0 (0 Likes / 0 Dislikes)
Introduction to Information Security Policy 60, Access Control Policy Access to classified information must be controlled so that only authorized personnel have access in accordance with Information Security Policy. As such, I.S.P.O.L 60 provides access control expectations within Intel for protecting the confidentiality, integrity, and availability of Intel systems, infrastructure, and information assets. Access must be controlled through managed processes that address authorization, authentication, accountability, modifying and revoking access, and periodic review of access to information. Logical access to Intel systems and information assets must be granted in a controlled manner based on need-to-know and least privilege principles. Access control mechanisms must support the management of information system accounts, separation of duties (SoD), least privilege, limit of invalid access attempts, and information flow. Every user account must have a unique user ID and password for access to Intel systems and data. This reasonably assures that multi-user systems and networks have access control mechanisms that can uniquely identify and restrict the privileges of each user account. Types of accounts and supporting policy details cover Individual, Communal, Service, and Test accounts. Your access management responsibilities are described for many forms of access in Policy 60. These responsibilities include facilitating 3rd parties and Remote Access, as well as approving, granting and revoking user access. A large portion of Policy 60 describes management of Privileged Account access, including management tools, restrictions, and review cycles. It also includes a framework for a formal authorization process for allocation of Privileged Account access rights. Additional Privileged Account policy statements cover authorizing access, use, and limits. Policy 60 establishes a retention period of one rolling year to all System Administrator user access records. Authentication information must be protected from unauthorized disclosure and discovery. To that end, password policy is also discussed in Policy 60. Intel system administrators are responsible for implementing Intel’s password policies in these overall areas: configuration of the systems for which they set, monitor, and/or enforce user password policies, business process compliance on these systems, and their own password-related conduct. Policy 60 outlines the high-level controls that need to be in place to safeguard logical access to and from the Intel network, to safeguard it from malicious intrusion. It defines the system administrator’s responsibility to configure internal network devices to comply with policy requirements, with the goal of preventing unauthorized access to and from related devices. Like network access, policy 60 also describes the requirement to restrict access to information and application system functions. Physical access is also addressed, requiring that it be granted in a controlled manner based on need to know and least privilege in accordance with information security and physical security policy. In summary, Information Security Policy 60 establishes that access must be controlled through managed processes to provide reasonable assurance of access control. This and other updated Information Security Policies, supporting documents, and our improved policy portal should make it easier for you to locate and understand our corporate information security requirements. They can be found on our corporate policy repository, Policy Central. Visit goto/InfoSecPolicies to learn more or ask questions. Thank you for your help to keep Intel secure!

Video Details

Duration: 4 minutes and 20 seconds
Language: English
License: Dotsub - Standard License
Genre: None
Views: 1
Posted by: mikediamond on Jun 12, 2018

Caption and Translate

    Sign In/Register for Dotsub to translate this video.