Security Policy

Template for Security Implementation at GIC Re

  • GIC Re Website/Portal/Web Application has been placed in protected zones with the implementation of firewalls, IDS (Intrusion Detection System), and high-availability solutions.
  • Before the launch of the GIC Re Website/Portal/Web Application, simulated penetration tests were conducted. Post-launch, penetration testing is conducted periodically.
  • The GIC Re Website/Portal/Web Application underwent audits for known application-level vulnerabilities before the launch, and all identified vulnerabilities were addressed.
  • Server hardening has been performed per the Cyber Security Division’s guidelines before launching the GIC Re Website/Portal/Web Application.
  • Access to web servers hosting the GIC Re Website/Portal/Web Application is restricted both physically and through the network.
  • Logs are maintained at different locations to record authorized physical access to the GIC Re Website/Portal/Web Application servers.
  • Web servers hosting the GIC Re Website/Portal/Web Application are configured behind IDS, IPS (Intrusion Prevention System), and system firewalls.
  • Development work is performed in a separate development environment and thoroughly tested on a staging server before deployment to the production server.
  • Applications are uploaded to the production server using SSH and VPN through a single point after successful testing on the staging server.
  • Content contributed from remote locations undergoes an authentication process and is not published directly on the production server. Content is moderated before final publication.
  • All web page content is verified for malicious code before final upload to the web server.
  • Audit logs and system activity logs are maintained and archived. Rejected accesses and services are logged and reviewed in exception reports.
  • The Help Desk staff of the GIC Re IT Monitoring Team monitor the GIC Re Website/Portal/Web Application at intervals to ensure that pages are operational, that no unauthorized changes have been made, and that no unauthorized links have been established.
  • System software patches, bug fixes, and upgrades are regularly reviewed and installed on production web servers.
  • Internet browsing, email, and other desktop applications are disabled on production web servers. Only server administration tasks are permitted.
  • Server passwords are changed every month and shared among administrators.
  • <Insert Administrator Name(s)> are designated as administrators for the GIC Re Website/Portal/Web Application and are responsible for implementing this policy and coordinating with the audit team.
  • After major modifications in application development, the GIC Re Website/Portal/Web Application is re-audited for application-level vulnerabilities.

Compliance Audit

The GIC Re Website/Portal/Web Application has been audited before launch and complies with all policies outlined by the Cyber Security Group.

The GIC Re Website/Portal/Web Application has also undergone automated risk assessment through vulnerability identification software both before and after launch, with all identified vulnerabilities addressed.

Page last updated on: 20/02/2025