{"id":4479,"date":"2023-04-19T13:54:11","date_gmt":"2023-04-19T13:54:11","guid":{"rendered":"http:\/\/asnet-multisite.local\/security-policy\/"},"modified":"2023-05-17T14:56:05","modified_gmt":"2023-05-17T14:56:05","slug":"security-policy","status":"publish","type":"page","link":"https:\/\/asnetla.com\/en\/security-policy\/","title":{"rendered":"SECURITY POLICY"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4479\" class=\"elementor elementor-4479 elementor-4233\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d12cd84 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d12cd84\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-85795fb\" data-id=\"85795fb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6972c67 elementor-widget elementor-widget-heading\" data-id=\"6972c67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">INFORMATION SECURITY AND CYBERSECURITY POLICY<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eddeca0 elementor-widget elementor-widget-text-editor\" data-id=\"eddeca0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><strong>SCOPE<br \/><\/strong>This policy applies to the entire Organization, its employees, contractors and third parties of <strong>AS-NET<\/strong>.<\/p>\n<p style=\"padding-left: 40px;\"><strong style=\"color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; background-color: transparent; font-size: 1rem;\">DEFINITIONS<\/strong><\/p>\n<ul>\n<li><strong>Information asset: <\/strong>Anything that has value to the organization. It is also understood by any information or system related to the treatment of the same that has value for the organization. It is any asset that stores, processes or transmits information, which has a value and is necessary to carry out AS-NET&#8217;s mission and operational processes.<\/li>\n<li><strong>Cybersecurity.  <\/strong>AS-NET capabilities to defend against and anticipate cyber threats in order to protect and secure data, systems and applications in cyberspace that are essential to the entity&#8217;s operation.<\/li>\n<li><strong>Cyberspace.  <\/strong>Complex environment resulting from the interaction of people, software and services on the Internet through technological devices connected to this network, which does not exist in any physical form.<\/li>\n<li><strong>Cyberattack.  <\/strong>Organized or premeditated criminal action by one or more agents using or targeting cyberspace services or applications or where cyberspace is a source or tool for the commission of a crime.<\/li>\n<li><strong>Confidentiality.  <\/strong>Ownership of information that makes it unavailable or disclosed to unauthorized individuals, entities or processes.<\/li>\n<li><strong>Availability: <\/strong>Property of being accessible and usable on demand by an authorized entity.<\/li>\n<li><strong>Integrity.  <\/strong>Property of accuracy and completeness.<\/li>\n<li><strong>Social Engineering.  <\/strong>Social engineering involves manipulation to obtain sensitive information, such as personal or financial data. Therefore, social engineering can also be defined as a type of cybercrime.<\/li>\n<li><strong>Critical Information.  <\/strong>Critical information is information that is indispensable for the proper functioning of the organization and its operations. Critical information is the information that establishes the organization&#8217;s medium and long term benefits, as it will facilitate sales and service.<\/li>\n<li>  to the customer.<\/li>\n<li><strong>Valuable Information.  <\/strong>It is the information the organization needs to move forward. It has a highly subjective component and what is valuable information for one organization may not be so for another, as it depends on the activity and the sector.<\/li>\n<li><strong>Sensitive Information<\/strong>. Sensitive information in the sense that it is private information of the organization&#8217;s customers and, therefore, should only be accessible to the same authorized persons. Information security systems must ensure the protection of customer data.<\/li>\n<li><strong>Risk<\/strong>. Effect of uncertainty on objectives. <strong>ISMS<\/strong>. Information Security Management System<\/li>\n<li>&#8211; <strong>SIEM<\/strong>. Information system that provides real-time analysis of security alerts generated by applications, security devices and network elements. They are usually log centralization systems.<\/li>\n<\/ul>\n<p><strong> <\/strong><\/p>\n<p><strong>POLICIES<\/strong><\/p>\n<p>The address of <strong>AMERICAN SMART SYSTEMS &amp; NETWOKS <\/strong>(hereinafter referred to as <strong>AS-NET<\/strong>), understanding the importance of proper information management, is committed to the implementation of an Information Security Management System &#8211; ISMS based on NTC-ISO-IEC 27001:2013 and the PCI DSS standard, seeking to establish a framework of trust in the exercise of their duties with stakeholders, all framed in strict compliance with the laws and regulations, in accordance with the mission and vision of the Organization.<\/p>\n<p>The management of  <strong>AS-NET  <\/strong>also considers crucial the implementation of procedures for the protection of devices that are interconnected for the processing of digital information stored in cyberspace, so that cybersecurity will help the human and technical resources available for the processing of digital information stored in cyberspace.  <strong>AS-NET  <\/strong>to mitigate cyber attacks that may alter the organization&#8217;s mission and vision.<\/p>\n<p>For <strong>AS-NET<\/strong>The protection of information and the devices that contain it, aims to reduce the impact generated on its information assets by the risks identified systematically in order to maintain the integrity, confidentiality and availability of the same, in accordance with the needs of the different stakeholders identified. In accordance with the above, this policy applies to the entire organization, which includes its employees, third parties, trainees, interns, suppliers and interested parties in general, taking into account that the principles on which the development of the actions or decision making is based around the  <strong>ISMS <\/strong>will be determined by the following premises:<\/p>\n<ul>\n<li>Minimize risk in the Organization&#8217;s mission processes.<\/li>\n<li>Comply with the principles of information security and cybersecurity. &#8211; Maintain the trust of its customers, partners and collaborators.<\/li>\n<li>Support technological innovation.<\/li>\n<li>Protect information assets.<\/li>\n<li>Establish information security and cybersecurity policies, procedures, configuration standards and instructions.<\/li>\n<li>Strengthen the information security culture among <strong>AS-NET<\/strong>&#8216;s employees, third parties, trainees, interns and customers.<\/li>\n<li>Ensure business continuity in the event of incidents.<\/li>\n<li>Maintain an updated inventory of information assets, including the programs managed by the company.<\/li>\n<li>Classify the different threats in the environment according to the technological platforms managed in <strong>AS-NET <\/strong>.  <\/li>\n<\/ul>\n<p><strong>AS-NET <\/strong>has decided to define, implement, operate and continuously improve an Information Security Management System, supported by clear guidelines aligned to business needs and regulatory requirements.<\/p>\n<p>The following are 12 security principles that support <strong>AS-NET<\/strong>&#8216;s <strong>ISMS <\/strong>:<\/p>\n<ul>\n<li>The responsibilities regarding information security shall be known, understood, accepted and fulfilled by each of the collaborators, suppliers, strategic allies or third parties.<\/li>\n<li><strong>AS-NET <\/strong>shall protect the information generated, processed or safeguarded by the business processes, its technological infrastructure and information assets from the risk generated by access granted to third parties (e.g., suppliers or customers), or as a result of an internal outsourcing service.<\/li>\n<li><strong>AS-NET <\/strong>shall protect the information created, processed, transmitted or safeguarded by its business processes, in order to minimize financial, operational or legal impacts due to its incorrect use. To this end, it is essential to apply controls according to the classification of the information owned or in custody.<\/li>\n<li><strong>AS-NET <\/strong>will protect your information from threats originating from personnel.<\/li>\n<li><strong>AS-NET <\/strong>will control the operation of your business processes guaranteeing the security of your information assets.<\/li>\n<li><strong>AS-NET <\/strong>will implement access controls to information assets.<\/li>\n<li><strong>AS-NET <\/strong>will strive to make security an integral part of the information systems life cycle.<\/li>\n<li><strong>AS-NET <\/strong>will ensure through proper management of security events and weaknesses associated with information systems, an effective improvement of the ISMS.<\/li>\n<li><strong>AS-NET <\/strong>will ensure the availability of your business processes and the continuity of your operation based on the impact that incidents can generate.<\/li>\n<li><strong>AS-NET <\/strong>will comply with its legal, regulatory and contractual obligations.<\/li>\n<\/ul>\n<p><strong>3.1 INFORMATION SECURITY AND CYBERSECURITY OBJECTIVES  <\/strong><\/p>\n<ul>\n<li>Ensure compliance with the requirements that make up the information security management system.<\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Maintain the integrity and reserve the confidentiality of the information, ensuring its accuracy and completeness, and avoiding its deterioration.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Ensure the availability of information on all storage media and backup media for when it is required.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Identify risks and establish controls, limiting and preventing the consequences of different incidents, to ensure the immediate recovery of operations and minimize damage to the organization.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Continuously train and raise awareness among personnel on information security issues.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">To guarantee the protection and security of the information provided to us by our clients for the development of projects.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Manage information security incidents, using the guidelines established by <\/span><strong style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif;\">AS-NET<\/strong><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Ensure business continuity, minimizing possible impacts to the services provided.<\/span><\/li>\n<li><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight );\">Protect information assets and manage vulnerabilities.<\/span><\/li>\n<li>Continuously improve the <strong>ISMS<\/strong>, reviewing its performance and effectiveness.<\/li>\n<li>Implement a monitoring system<strong>(SIEM<\/strong>) to obtain a follow-up alert in case of cyber-attacks.<\/li>\n<\/ul>\n<div> <\/div>\n<p><strong>3.2 LEVEL OF COMPLIANCE  <\/strong><\/p>\n<p>All employees, suppliers, strategic allies and third parties must comply with the policies described in this document and in all manuals, procedures and other documents that make up the ISMS.<\/p>\n<p>Failure to comply with this policy will result in the corresponding sanctions and in accordance with the provisions of document <strong>P-Disciplinary Procedure_GHP-04<\/strong>, internal work regulations or Colombian labor legislation in force.<\/p>\n<p><strong>3.3 POLICY REVIEW  <\/strong><\/p>\n<p>This policy is available to interested parties on the intranet of the company.  <strong>AS-NET  <\/strong>and on the WEB page, it will also be updated at least once a year or when significant changes occur in the internal or external context of the company.  <strong>AS-NET  <\/strong>or upon the occurrence of Information Security incidents that merit updating.<\/p>\n<p><span style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif;\">4. <\/span><strong style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif;\">REFERENCE DOCUMENTS<\/strong><\/p>\n<p><strong style=\"background-color: transparent; color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif;\">Procedure:<\/strong><\/p>\n<ul>\n<li>P-Disciplinary Proceedings_GHP-04<\/li>\n<\/ul>\n<p><strong>Standards:  <\/strong><\/p>\n<ul>\n<li><strong>PCI DSS 3.2.1 <\/strong>Data Security Standard. Safety assessment requirements and procedures.<\/li>\n<li><strong>ISO-IEC 27000:2014 <\/strong>Information Security Management Systems &#8211; Vocabulary<\/li>\n<li><strong>NTC-ISO-IEC 27001:2013 <\/strong>Information Technology. Security Techniques. Information Security Management Systems. Requirements<\/li>\n<\/ul>\n<ul>\n<li><strong>GTC-ISO-IEC 27002:2015.  <\/strong>Information Technology. Security Techniques, Code of Practice for Information Security Controls.<\/li>\n<\/ul>\n<ul>\n<li><strong>ISO\/IEC 27032:2012: <\/strong>Information technology &#8211; Security techniques &#8211; Guidelines for cybersecurity.<\/li>\n<\/ul>\n<ul>\n<li><strong>External Circular 007 of 2018.  <\/strong>Financial Superintendency of Colombia. Imparts instructions related to the minimum requirements for cybersecurity risk management.<\/li>\n<\/ul>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>INFORMATION SECURITY AND CYBERSECURITY POLICY SCOPEThis policy applies to the entire Organization, its employees, contractors and third parties of AS-NET. DEFINITIONS Information asset: Anything that has value to the organization. It is also understood by any information or system related to the treatment of the same that has value for the organization. It is any [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4479","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/pages\/4479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/comments?post=4479"}],"version-history":[{"count":0,"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/pages\/4479\/revisions"}],"wp:attachment":[{"href":"https:\/\/asnetla.com\/en\/wp-json\/wp\/v2\/media?parent=4479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}