Film & TV Production Security Guidelines
Developed and Maintained by CDSA’s Production Security Working Group
www.CDSAonline.org
CDSA-PSWG-FTVPSG 01-19 v1

Table of Contents

INTRODUCTION
  AUTHORS
  PURPOSE
  TARGET AUDIENCE
  ORGANIZATION
    THE SECURITY LAYERS
    APPENDICES: SUMMARIES & REFERENCES
    KEY TO GUIDELINE FLAGS
    PERSONS RESPONSIBLE

I. DEFINITIONS

II. PEOPLE
  2.1 INDIVIDUAL RESPONSIBILITY
    2.1.1 SECURITY MANAGEMENT TEAM
    2.1.2 ALL CREW AND CONTRACTORS
  2.2 ENGAGING EMPLOYEES & CONTRACTORS
    2.2.1 BACKGROUND CHECKS, REFERENCES & CERTIFICATIONS
      Background Checks & References
      Third Party Certifications & Warranties
    2.2.2 CONFIDENTIALITY
      Non-Disclosure Agreements
      Social Media Awareness
    2.2.3 SECURITY REQUIREMENTS
    2.2.4 SECURITY AWARENESS TRAINING
    2.2.5 DAILY HIRES AND EXTRAS MANAGEMENT
    2.2.6 EXIT PROCESS UPON COMPLETION OF SERVICES OR TERMINATION
  2.3 ACCESS CONTROLS
    2.3.1 IDENTIFICATION
      Enforcement of Identification Cards Use
      Temporary & Visitor IDs
    2.3.2 SEGREGATION OF ACCESS AND DUTIES
      Duties
      Access
    2.3.3 CONTRACTORS AND THIRD-PARTY PERSONNEL ACCESS
      On Premises (Offices, Locations, Stages)
      Off Premises (Third Parties)
    2.3.4 TEMPORARY (DAILY) PERSONNEL ACCESS
    2.3.5 VISITOR SUPERVISION
    2.3.6 COURIERS AND SHIPPERS

III. PHYSICAL – BRICK & MORTAR – SECURITY
  3.1 FACILITY SECURITY
    3.1.1 IDENTIFY PERIMETERS
    3.1.2 PERIMETER
    3.1.3 SHARED FACILITIES – RENTAL SPACES
    3.1.4 SHARED FACILITIES – VENDORS
  3.2 PHYSICAL SECURITY & SECURITY GUARDS
    3.2.1 GUARD ASSIGNMENTS & AWARENESS
    3.2.2 GUARD PATROL PROCEDURES
    3.2.3 GUARD AUTHORITY
    3.2.4 GUARD KEYS AND ACCESS CODES
  3.3 FACILITY AUTHORIZED ACCESS
    3.3.1 AUTHORIZED ACCESS CONTROL PROCEDURES
    3.3.2 PHYSICAL ACCESS CONTROLS
    3.3.3 ACCESS POINTS OF ENTRY – CHECK-IN/CHECK-OUT
    3.3.4 PHYSICAL ACCESS LOGGING
    3.3.5 VISITOR ACCESS LOGS
    3.3.6 TEMPORARY HIRE ACCESS LOGS
    3.3.7 ELECTRONIC ACCESS (KEY-LESS)
    3.3.8 PHYSICAL KEY MANAGEMENT
    3.3.9 LOCK MAINTENANCE
    3.3.10 USE OF PORTABLE DIGITAL DEVICES WITHIN RESTRICTED AREAS
  3.4 LOCKED STORAGE AND SAFES
    3.4.1 LOCK-UPS, VAULTS AND SAFES
    3.4.2 SAFE SPECIFICATIONS

IV. ASSET MANAGEMENT
  4.1 PSEUDONYMIZED SECURITY TITLE
    4.1.1 USE OF ALIAS TEMPORARY TITLES
  4.2 HIGH VALUE/CONFIDENTIAL SECURITY DESIGNATION
    4.2.1 ASSET SECURITY DESIGNATION
  4.3 INVENTORY POLICIES
    4.3.1 RECORDING CHAIN OF CUSTODY
    4.3.2 INVENTORY MAINTENANCE
    4.3.3 INVENTORY PIPELINE & LOG ACCESS
  4.4 ASSET TRACKING
    4.4.1 LOGGING & TRACKING
    4.4.2 DIGITAL ASSETS ON PORTABLE OR LOCAL DEVICES (THEIR PHYSICAL FORM)
  4.5 PEOPLE ARE ASSETS
    4.5.1 SECURITY FOR THE TEAM
  4.6 PHYSICAL ASSETS – SECURING, STORAGE, SHIPPING
    4.6.1 SHIPPING AND RECEIVING POLICIES
    4.6.2 SHIPPING PACKAGING
    4.6.3 SHIPPING PACKAGE LABELING
    4.6.4 STAGING AREA MONITORING
    4.6.5 DAMAGES, LOSSES & DISCREPANCIES OF SHIPPED ASSETS
    4.6.6 COURIER AND SHIPPING RECEIPTS/LOGS
    4.6.7 CLOSED OFFICE HOURS / OVERNIGHT DELIVERIES
    4.6.8 PORTABLE AND LOCAL DEVICES & COMPUTERS
    4.6.9 INVENTORY COUNT PROCEDURE
  4.7 DIGITAL ASSETS
    4.7.1 DIGITAL ASSET MANAGEMENT (DAM) POLICY
    4.7.2 DIGITAL ASSET COPIES
  4.8 COMPANY COMMUNICATIONS
    4.8.1 E-CORRESPONDENCE
      Email
      Instant Messaging
    4.8.2 COMMUNICATION DISTRIBUTION LISTS
  4.9 SECURE ASSET & DATA DESTRUCTION
    4.9.1 DAMAGED STOCK CONTAINING CONTENT
    4.9.2 DESTRUCTION OF CONTENT
    4.9.3 FINISHED ELEMENTS
    4.9.4 STAGING FOR RECYCLING & DESTRUCTION
    4.9.5 THIRD PARTY DESTRUCTION OF CONTENT
    4.9.6 DESTRUCTION OF ASSETS LOGGING

V. VIRTUAL – DATA – SECURITY
  5.1 LOCAL AREA NETWORK (LAN), WIDE AREA NETWORK (WAN) AND INTEROFFICE CONNECTIONS
    5.1.1 NETWORK DIAGRAMS
    5.1.2 POINT-TO-POINT CONNECTIONS (DATA TRANSFER CHANNELS)
  5.2 FIREWALL AND SECURITY SERVICES
    5.2.1 FIREWALL GUIDELINES
    5.2.2 FIREWALL MANAGEMENT
    5.2.3 SEGREGATION
    5.2.4 EMAIL FILTERING
    5.2.5 WEB FILTERING
    5.2.6 DNS POLICIES
    5.2.7 LAN SECURITY
    5.2.8 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
  5.3 PRODUCTION NETWORKS
    5.3.1 PRODUCTION NETWORK RESTRICTIONS
    5.3.2 INTERNET ACCESS RESTRICTIONS
    5.3.3 CONTENT TRANSFER NETWORK
    5.3.4 DATA I/O (INBOUND/OUTBOUND) ACCESS
    5.3.5 SWITCHING
    5.3.6 DUAL-HOMING / BRIDGING SEGREGATED NETWORKS
  5.4 WIRELESS NETWORKS
    5.4.1 WIRELESS NETWORKS GENERAL
    5.4.2 PRODUCTION WIRELESS NETWORKS
    5.4.3 PRE-SHARED KEY (PSK) USAGE AND AUTHENTICATION IN PRODUCTION WI-FI NETWORKS
  5.5 SHARED STORAGE, SAN AND NAS SERVERS
    5.5.1 LOCAL DATA STORAGE - SAN / NAS SECURITY
    5.5.2 SEGREGATION OF STORAGE
    5.9.1 SECURING COMPUTER AND MOBILE DEVICES
      Company provided devices
      Managed employee owned devices: Bring Your Own “BYOD”s
      Unsupervised BYODs (NOT RECOMMENDED)
    5.9.2 COMPUTERS STORING CONTENT/CONFIDENTIAL DATA
    5.9.3 I/O DEVICES AND DATA TRANSFER PORTS (E.G. USB PORTS)