Web usage policy
If organisations allow users to access the web they should define the extent of access that is granted. This can be achieved through a web usage policy and education of users.
Security Control: 0258; Revision: 3; Updated: Aug-19; Applicability: O, P, S, TS
A web usage policy is developed and implemented.
Using web proxies
Web proxies are a key component in enforcing web usage policies and preventing cyber security incidents.
Security Control: 0260; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
All web access, including that by internal servers, is conducted through a web proxy.
Web proxy authentication and logging
Thorough web proxy logs are a valuable asset when responding to cyber security incidents and user violation of web usage policies.
Security Control: 0261; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
A web proxy authenticates users and provides logging that includes the following details about websites accessed:
- address (uniform resource locator)
- amount of data uploaded and downloaded
- internal and external IP addresses.