Questions and Answers
What must a machine comply with if VPN access cannot be used?
What should be done before providing remote access to system components by vendors?
What is required before sending data from IndianOil servers to external servers?
Which authority must approve network changes to infrastructure?
What type of connectivity can be provided if MPLS VPN is absent?
How should changes to network and infrastructure configurations be managed?
What is required for all servers and critical network equipment in terms of power supply?
Who has the authority to approve network connectivity for business partners?
What must be done before creating a service email account for receiving legal notices?
Which of the following statements about official email usage is correct?
What happens after 5 unsuccessful login attempts on a user account?
Which practice is explicitly prohibited concerning email usage?
What must be done if an email redirection request to an outside domain is needed?
What type of email content is considered inappropriate?
Which of the following is NOT a consequence of inappropriate email usage?
What should users avoid when using multi-factor authentication?
What is the primary role of the location-in-charge concerning IT equipment?
Which measure is NOT mentioned as a responsibility of location-in-charge?
What must be maintained when equipment belonging to the Corporation is taken off-premises?
Who must approve the development of any new software or applications intended for enterprise-wide deployment?
What is essential regarding the physical security of areas used for loading and unloading equipment?
What should be included in the development of software applications?
What type of power generators should be deployed to maintain necessary services during outages?
What is necessary for all equipment regarding coverage?
What responsibility do users have regarding their IT system accounts and passwords?
Under what condition can the IS Department deactivate a User's access?
What is the primary purpose of monitoring and auditing the use of the corporate network?
What can happen if a User fails to comply with the corporate IT policy?
Which of the following is NOT a permitted use of IndianOil’s IT Resources?
What must every User recognize regarding their activities on IT Resources?
What is an important measure Users must take to protect their data?
What should Users do if requested by the IS Department?
What requirement is stated regarding the use of passwords on devices accessing the corporate network?
What should happen to a device if it remains idle for an extended period?
Which type of devices are strictly forbidden from accessing the corporate network?
What is essential before integrating open-source technology with existing infrastructure?
What should be done with open-source products that are currently in use?
What is a requirement for new domain name registration?
Which guidelines must be followed when hosting websites?
What should be conducted before a website becomes operational or after a major change?
Study Notes
VPN Access Control
- Provisions must be established to manage network resource access via VPN, allowing or denying as necessary.
- If VPN is unavailable, devices must join IndianOil Active Directory (AD) and comply with IT requirements regarding Cyber Security and Software Compliance.
- Devices require necessary applications like Anti-Virus and Auto-Patching consistent with corporate machines.
Remote Access for Vendors
- Vendor access for support/maintenance is allowed only during necessary periods, which must be monitored.
- Access should be disabled immediately when not in use.
Data Transfer Protocol
- Transfer of data from IndianOil network to external servers requires prior approval and security assessments from responsible business heads.
Infrastructure Change Management
- Any changes to network configuration must be approved by the appropriate authority and documented formally.
Business Partner Connectivity
- Connectivity to business partners requires approval from department heads (Grade ‘H’ or above) and the Divisional IS head.
- Secured connectivity must be ensured; if MPLS VPN is not available, a temporary VPN with two-factor authentication may be used.
Electrical Security
- Critical network equipment must have conditioned power through Uninterruptible Power Supply (UPS).
- Security responsibilities include protecting user accounts and data backups.
User Responsibilities
- Users must maintain the security of their accounts and passwords and avoid sharing them.
- Users are responsible for backing up data on devices.
- Identification must be produced upon request by the IS Department.
IT Resource Usage
- The corporation reserves the right to access IT systems without user notification.
- Usage of IT resources is a privilege that requires responsible and efficient use.
- Personal use is permitted as long as it does not impact work performance or incur additional costs.
Application Development and Security
- Approval from COIS is necessary for any new application that is intended for enterprise-wide deployment or that requires additional resources.
- Applications must facilitate access from varied devices (e.g., mobile, tablets).
- Email communication must be conducted through official accounts only, ensuring security through protocols like multi-factor authentication.
Open-Source Technology
- Integration of open-source technology should be evaluated for security vulnerabilities.
- Open-source products must be kept updated and secured, with audits conducted periodically.
Web Hosting Guidelines
- Websites must be hosted on in-house or government-approved servers.
- New domain registration requires COIS approval, following guidelines for security audits and compliance.
Security Audits and Compliance
- Application security audits by CERT-In approved vendors are mandatory before operational deployment or after significant changes.
Equipment Security and Monitoring
- Data center facilities must have periodic tests and audits, with physical security controls in place to monitor equipment loading/unloading.
- Only authorized personnel can remove equipment from premises, ensuring proper documentation.
Description
This quiz covers the key provisions of the IndianOil IT Policy concerning VPN access control and compliance with cyber security standards. Participants will learn about necessary measures for network resource access and the implications of software compliance. Test your knowledge on these essential IT protocols.