Policies and Procedures
  • Kredit Policies and Procedures
  • Human Resources Policies
    • Background Screening Policy
    • Hiring Policy
    • Training Policy
  • Information Security Policies
    • Acceptable Use Policy
    • Access Control Policy
    • Anti-Virus & Malware Guidelines
    • Asset Inventory and Management Policy
    • Business Continuity and Disaster Recovery Plan
    • Data Governance & Classification Guidelines
    • End User Encryption Key & Storage Guidelines
    • Firewall Guidelines and Policy
    • Internal Use of Email Policy
    • Incident Response Plan
    • Information Security Policy
    • Password Construction & Security Policy
    • Password Protection Policy
    • System & Network Monitoring and Filtering Policy
    • Vulnerability and Threat Management Policy Policy
    • Large Language Model Policy
  • Operations Policies
    • Inquiry Handling Policy and Procedure
    • Operations Security Policy
  • Regulatory Policies
    • Anti-Money Laundering & Know Your Customer Screening Policy & Procedure
    • Electronic Fund Transfer Act, Regulation E, Nacha Operating Rules, & E-Sign Act Policy & Procedure
    • Electronic Communications Policy
    • Equal Credit Opportunity Act and UDAAP Policy & Procedure
    • Fair Credit Reporting Act Permissible Purpose Policy
    • Fraud Monitoring Policy
    • Gramm-Leach Bliley Act – Safeguards Rule Policy
    • Web Content Accessibility Guidelines Policy
  • Vendor Management Policies
    • Service Provider Oversight Policy
Powered by GitBook
On this page
  • SYSTEM & NETWORK MONITORING AND FILTERING POLICY
  • PURPOSE
  • SCOPE
  • POLICY
  • POLICY COMPLIANCE
  • CHANGE SUMMARY

Was this helpful?

Export as PDF
  1. Information Security Policies

System & Network Monitoring and Filtering Policy

SYSTEM & NETWORK MONITORING AND FILTERING POLICY

PURPOSE

The purpose of this policy is to define standards for systems that monitor and limit web use from any host within Kredit's network. These standards are designed to ensure employees use the Internet in a safe and responsible manner, and ensure that employee web use can be monitored or researched during an incident.

SCOPE

This policy applies to all Kredit employees, contractors, vendors and agents with a Kredit-owned or personally-owned computer or workstation connected to the Kredit network.

This policy applies to all end user initiated communications between Kredit’s network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols. Server to Server communications, such as SMTP traffic, backups, automated data transfers or database communications are excluded from this policy.

POLICY

WEBSITE MONITORING:

The Information Technology Department shall monitor Internet use from all computers and devices connected to the corporate network. For all traffic the monitoring system must record the source IP Address, the date, the time, the protocol, and the destination site or server. Where possible, the system should record the User ID of the person or account initiating the traffic. Internet Use records must be preserved for 180 days.

ACCESS TO WEBSITE MONITORING REPORTS

General trending and activity reports will be made available to any employee as needed upon request to the Information Technology Department. Computer Security Incident Response Team (CSIRT) members may access all reports and data if necessary to respond to a security incident. Internet Use reports that identify specific users, sites, teams, or devices will only be made available to associates outside the CSIRT upon written or email request to Information Systems from a Human Resources Representative.

INTERNET USE FILTERING SYSTEM

The Information Technology Department shall block access to Internet websites and protocols that are deemed inappropriate for Kredit’s corporate environment. The following protocols and categories of websites should be blocked:

  • Adult/Sexually Explicit Material

  • Advertisements & Pop-Ups

  • Chat and Instant Messaging

  • Gambling

  • Hacking

  • Illegal Drugs

  • Intimate Apparel and Swimwear

  • Peer to Peer File Sharing

  • Personals and Dating

  • Social Network Services

  • SPAM, Phishing and Fraud

  • Spyware

  • Tasteless and Offensive Content

  • Violence, Intolerance and Hate

  • Web Based Email

INTERNET USE FILTERING RULE CHANGES

The Information Technology Department shall periodically review and recommend changes to web and protocol filtering rules. Human Resources shall review these recommendations and decide if any changes are to be made. Changes to web and protocol filtering rules will be recorded in the Internet Use Monitoring and Filtering Policy.

INTERNET USE FILTERING EXCEPTIONS

If a site is mis-categorized, employees may request the site be un-blocked by submitting a ticket to the Information Technology help desk. An IT employee will review the request and un-block the site if it is mis categorized.

Employees may access blocked sites with permission if appropriate and necessary for business purposes. If an employee needs access to a site that is blocked and appropriately categorized, they must submit a request to their Human Resources representative. HR will present all approved exception requests to Information Technology in writing or by email. Information Technology will unblock that site or category for that associate only. Information Technology will track approved exceptions and report on them upon request

POLICY COMPLIANCE

COMPLIANCE MEASUREMENT

The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

EXCEPTIONS

Any exception to the policy must be approved by the Infosec team in advance.

NON-COMPLIANCE

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security Policy

Policy Name: System & Networking Monitoring and Filtering Policy

Event
Event Date
Event By
Date Reviewed
Reviewed By
Version

Creation and Implementation

01/10/2022

Kenny Lai, CTO

01/10/2022

Dave Hanrahan, CEO

1.0

PreviousPassword Protection PolicyNextVulnerability and Threat Management Policy Policy

Last updated 2 years ago

Was this helpful?