

Computer Users Manual, Ministry of Foreign Affairs and Cooperation, Democratic Republic of East Timor





Physical and Data Security Policy


Currently the Ministry of Foreign Affairs and Cooperation has no particular policy concerning physical or data security (for either the servers or the client machines), with the exception of the measures that have been introduced by the ICT Policy Advisor through the endorsed "Network Use Policy".

This is totally unacceptable for the Ministry of a nation-state and particularly this Ministry. We desperately need a policy that ensures the physical security of our computers, especially the server, ensures data integrity, and protects our data and systems from those not authorized to access them.

Several matters of implementation result from this document. The Ministry must ensure the security of the server room and install security frames for the windows and doors and an anti-mosquito device for the server room. The Ministry must ensure that cleaning staff clean the server room on a daily basis. The Technical Assistant must set users' default document storage to the File Server and begin data backups on a weekly basis. As ICT Policy Advisor, I will establish the permission settings on the File Server (intradivision users can read, but not write to, division member files).

Purpose of the Document

The purpose of this document is to introduce a high level of physical and data security for the Ministry of Foreign Affairs and Cooperation that is appropriate for a nation-state. This is a minimal document with elaborations, but not contradictions, to be determined by system administrators.

Source Material

The material in this policy has been compiled from documentation from the National Computer Security Association (United States), and the Network Working Group's RFC 2196 and 2504. Where the terms "must", "should", "must not", "should not" and "may" appear, they indicate particular requirements and have the same meaning as in the Network Working Group's RFC 2119.

This paper uses and does not contradict material in the Names Policy document and the Network Use Policy document of the Ministry of Foreign Affairs and Cooperation.

Preventative Maintenance

Harsh climatic conditions and budgetary constraints require preventative hardware and data protection as part of physical and data security. The biggest cause of hardware component damage, and resultant loss of data, is thermal expansion and contraction. This can be prevented by keeping computer systems at a constant temperature. However, budget constraints, power failures, fire risks and data access security mean that user systems cannot be left on at all times. Therefore network users should only turn their systems on half an hour after they have been turned off (e.g., due to power failure), and systems must be turned off when the user leaves the workplace for the day.

The server room must be cleaned daily. An anti-mosquito device must be installed and maintained in the server room. The air conditioners in the server room must not be switched off. The server room must be physically secured from unauthorized entry (i.e., by non-employees or non-contractual agents of the Ministry).

Smoking and the consumption of food and drink are prohibited near all computers.

Data Security

The following principles are embodied as action in the Ministry's data security policy:
1) Any service that is not explicitly required by the Ministry will be disabled.
2) Passwords will be set, unique, complex and subject to regular change. Repetition of passwords is prohibited.
3) The System Administrator will apply freely distributable patches from the relevant vendor to the server within two days of their release.
4) User access will be set at the minimum required.
5) Domain trust will be limited to the minimum required.
6) Dial-up access to the server is prohibited.
7) Monitoring, logging and auditing services are enabled.
8) Distribution of passwords is expressly prohibited.
9) There will be only one user per account.

Data Backup Policy

All users must store their Ministry-related documents on the File Server.

The Technical Assistant for the Ministry of Foreign Affairs will be responsible for Ministry data backups and testing the data integrity of such backups. Data backups will occur on a weekly basis and will be stored off-site according to the responsibility of the Technical Assistant. The data backup must include the entirety of the File Server and Directory Services and System Event logs.

Breach of this Policy

This policy is non-negotiable. Breaches of this policy are breaches of national security and employment may be terminated as a result. Breaches must be reported to the Information and Communications Technology Policy Advisor, who will maintain a log of such events.

Ministry of Foreign Affairs and Cooperation, GPA Building #1, Ground Floor, Dili, East Timor


Website code and design by Lev Lafayette. Last update August 20, 2003