Information Security Policy
Information Security Policy:
Information is one of the most important elements of business management at the Central Bank of Libya. Information systems, databases, and communication networks of the world have become the basis for the banking sector from the industrial age to the new current age of technology. Information security is at the core of the Central Bank which plays an important role in the protection of assets, interests and information. Initiated by the Governor of the Central Bank of Libya in 2008, the CBL has adopted a plan based on international standards to upgrade the protection of privacy information and assets using technical and human resources.
The terms of the security plan consists of the following:
- To determine the responsibilities and duties towards information security concerning employees, managers, and contractors.
- Classification of the assets of the bank and determine the required levels of protection using international standards. Item No.
- Upgrade security access to bank facilities: Implement additional security protocols of entry and access to bank facilities, including sensitive equipment, information systems and databases.
- Password Management: The establishment of the passwords and other security related responsibilities.
- Physical and environmental security: Identifying facilities to protect and prevent unauthorized access, information theft, equipment theft and disruption of work or eavesdropping. Also, protecting infrastructure equipment such as fire equipment and air conditioners.
- E-Mail Security: The establishment of protocols to protect E-mails and databases. Email is the largest distributor of viruses and spam which needs mechanisms and procedures to make sure data is not corrupted or stolen. Item No.
- Personal security: Introduction of mechanisms to reduce human error, theft, embezzlement and corruption.
- Upgrade Encryption: To upgrade and maintain the confidentiality, creditability, and integrity of the information using the latest encryption software.
- Remote Access: Establishment of security precautions and mechanisms to be taken to prevent access to the bank’s internal network using remote access.
- Systems development and maintenance: Analyze, maintain and upgrade the current system in place to ensure building security. The mechanisms focus on peacekeeping, security, encryption, data and configuration.
- Antivirus: Analyze the procedures and software for anti-virus and anti-spam software.
- Backup: Establish procedures to backup copies of data, storage media and information security.
- Incident Response: Procedure to learn, monitor and reduce time of security breaches and breakdowns in the system operations to reduce direct or indirect damage to the CBL and the public.
- Security of networks and facilities: Protect networks from eavesdropping, spying, theft, disruption, and unwanted modification.
- Continuity of workflow management: Protection of sensitive business tasks and information in the event of a crisis or disaster such as fires or earthquakes.
- Security of wireless communications: Emphasis on proper mobile network encryption.
- Network Security Monitoring: Allow limited access to the information network through the development of a separate network to the public. This network is separated from the internal network to help protect it from malicious attacks.