The ARNO Security Policy for this Web Site

ARNO Members are requested to comply with the following policy and their duty to other Members.

Members will be aware that security always costs time and effort to establish and also needs constant monitoring. This security policy is intended to limit exposure and risk and is the basis for applying appropriate security to the ARNO Members Only Web Site. It is not intended to be too onerous – any questions to the Secretary.

This Security Policy addresses the following key aspects:

• Security Awareness
• Access Control and Monitoring
• Routine Backups
• Password Management
• Mobile Security
• Physical Security

1. Security Awareness
ARNO members are requested to be security aware and ensure that their close family – advice and guidance are provided on this web site – please contact the Secretary is your require help regarding the security of your computer or for more information.

2. Access Control and Monitoring
Be sure you to only inform people about the ARNO Members Only Web Site on a ‘need to know’ basis. If your computer is used by others (say family members) then be sure that you know who, when, why, and how they are accessing your system. Do not leave your computer unattended once you have logged on to the ARNO Members Only Web Site – log off before if not actually using.

3. Routine Backups
It is good practise to routinely back up all systems, store backups in a separate place, and test the backups.

4. Password Management
To maintain maximum security, please use the following guidelines:
• Change your password regularly – if you make regular changes to your entry then we recommend once a month (for others once every 6 months or so) – there is an option in the Member Update section to do this.
• Do not choose easily to guess words. i.e. your name, or organisational name
• Use a mix of letters and numbers.
• Avoid storing your passwords on your computer
• Ensure that your PC cannot be observed through an external window
• Avoid using the same password to access more than one system
• Do not tell others your ARNO Password or Membership Number

5. Mobile Security
Encrypt all data on laptops if leaving secure premises or your home. Do not keep information from the ARNO Membership List on your laptop. Avoid logging onto the Membership List via your mobile phone linked to your laptop. Secure your laptop with something like a wire strop if leaving it unattended. Ensure that your screen display ‘times out’ after 2 minutes and is password protected.

6. Physical Security
Physically secure all laptops, desktops, servers, and peripherals when not in use. Avoid storing copies of the Membership List on Floppy Disk or other media – if need to keep locked up when not in use.