ToolBoxSource.com Security Policy

We know security is a concern to you, and our approach will help give you a greater peace of mind. A security policy is what it means to be secure for a system, organization or other entity. For an organization like ours, it addresses the constraints on behavior of its regular ethical visitors, as well as constraints imposed on adversaries like hackers and Internet thieves. For systems, our security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.

Because ToolBoxSource.com's security policy is a high level definition of secure consistent behavior, it is meaningless to claim an entity is "secure" without knowing what "secure" means. The bottom line is simple - what is shared with our company, stays in our company through multiple secure levels.

At ToolBoxSource.com, our security policy is broken down in the following sections:

VIRUS PREVENTION POLICY

The willful introduction of computer viruses or disruptive/destructive programs into ToolBoxSource.com's environment is prohibited, and violators may be subject to prosecution. All desktop systems that connect to ToolBoxSource.com network must be protected with an approved, licensed anti-virus software product that it is kept updated according to the vendor's recommendations. All servers and workstations that connect to the network and that are vulnerable to virus or worm attack must be protected with an approved, licensed anti-virus software product that it is kept updated according to the vendor's recommendations. Headers of all incoming data including electronic mail must be scanned for viruses by the email server where such products exist and are financially feasible to implement. Outgoing electronic mail should be scanned where such capabilities exist. Where feasible, system or network administrators should inform users when a virus has been detected. Virus scanning logs must be maintained whenever email is centrally scanned for viruses.

INTRUSION DETECTION POLICY

Intruder detection must be implemented on all servers and workstations containing data classified as high risk. Operating system and application software logging processes must be enabled on all host and server systems. Where possible, alarm and alert functions, as well as logging and monitoring systems must be enabled. Server, firewall, and critical system logs should be reviewed frequently. Where possible, automated review should be enabled and alerts should be transmitted to the administrator when a serious security intrusion is detected. Intrusion tools should be installed where appropriate and checked on a regular basis.

INTERNET SECURITY POLICY

All connections to the Internet must go through a properly secured connection point to ensure ToolBoxSource.com's network is protected when the data is classified high risk. All connections to the Internet should go through a properly secured connection point to ensure the network is protected when the data is classified confidential.

SYSTEM SECURITY POLICY

All systems connected to the Internet should have a supported version of the operating system installed. All systems connected to the Internet must be current with security patches. System integrity checks of host and server systems housing high risk ToolBoxSource.com data should be performed.

ACCEPTABLE USE POLICY

ToolBoxSource.com must have a policy on appropriate and acceptable use that includes these requirements: ToolBoxSource.com computer resources must be used in a manner that complies with OCG, Inc. policies and State and Federal laws and regulations. It is against ToolBoxSource.com policy to install or run software requiring a license on any ToolBoxSource.com computer without a valid license. Use of the ToolBoxSource.com's computing and networking infrastructure by ToolBoxSource.com employees unrelated to their positions must be limited in both time and resources and must not interfere in any way with ToolBoxSource.com functions or the employee's duties. Use of ToolBoxSource.com resources for personal profit is not permitted except as addressed under other OCG, Inc. policies. Decryption of external or internal passwords is not permitted, except by authorized staff performing security reviews or investigations. Use of network sniffers shall be restricted to system administrators who must use such tools to solve network problems. Auditors or security officers in the performance of their duties may also use them. They must not be used to monitor or track any individual's network activity except under special authorization as defined by campus policy that protects the privacy of information in electronic form.