Web Application Security Policy

1. Scope and Objectives

1.1 Definition: This policy governs the security practices and measures implemented within medd.com.au’s web applications. It includes all components, technologies, and personnel associated with the web application infrastructure.
1.2 Objectives: The primary goals of this policy are to:
  • Protect sensitive data and information.
  • Mitigate the risk of unauthorized access and data breaches.
  • Ensure the availability, integrity, and confidentiality of web applications.
  • Comply with relevant regulatory requirements.

2. Roles and Responsibilities

2.1 Application Security Team:
  • The Application Security Team is responsible for implementing and maintaining security measures for web applications.
  • Conduct regular security assessments and audits.
2.2 Development Team:
  • Develop secure code following best practices.
  • Participate in security training programs.
2.3 IT Operations Team:
  • Ensure secure deployment and configuration of web application infrastructure.
  • Monitor and respond to security incidents promptly.
2.4 Management:
  • Provide resources and support for security initiatives.
  • Approve security policies and standards.

3. Standards and Procedures

3.1 Encryption Standards:
  • All data transmitted over the network must be encrypted using industry-standard protocols.
3.2 Authentication Mechanisms:
  • Implement multi-factor authentication for access to sensitive systems.
  • Regularly review and update user access privileges.
3.3 Code Development:
  • Follow secure coding practices.
  • Conduct regular code reviews and static code analysis.
3.4 Application Backups:
  • Perform regular backups of web applications to ensure data integrity and availability.
  • Store backups in secure, offsite locations.
  • Test backup restoration procedures periodically to verify their effectiveness.
3.5 Web Application Firewall (WAF):
  • Deploy a Web Application Firewall to monitor, filter, and block malicious traffic.
  • Regularly update WAF rules and configurations to adapt to emerging threats.
3.6 Enforcing Strong Passwords:
  • Enforce the use of strong passwords for all user accounts.
  • Implement password policies, including regular password updates.
3.7 Control of Data Access:
  • Define and enforce access controls based on the principle of least privilege.
  • Regularly review and update user access rights to align with job responsibilities.
  • Monitor and audit data access to detect and respond to unauthorized activities.
3.8 Control of Stored Data:
  • All web applications are hosted on Australian servers.
  • Data is used only to deliver the web application’s functionality.
  • Certified third-party applications are used to process financial and/or identification data.

4. Incident Response Plan

4.1 Detection:
  • Implement monitoring systems to detect potential security incidents.
  • Establish anomaly detection mechanisms.
4.2 Response:
  • Designate a response team to investigate and mitigate security incidents.
  • Communicate with stakeholders and regulatory bodies as necessary.
4.3 Recovery:
  • Develop a recovery plan to restore systems to normal operation.
  • Conduct post-incident analysis and implement improvements.

5. Review and Updates

5.1 Regular Assessments:
  • Conduct regular security assessments and audits of web applications.
  • Identify and address emerging threats.
5.2 Policy Updates:
  • Review and update the web application security policy annually or as needed.
  • Ensure alignment with changes in technology and organizational structure.
