Neon-komputadór

Website Content and Design Policy

Purpose

The Ministry of Foreign Affairs and Cooperation will have a website for a centralized, computer-mediated provision of public information for the international community and for the people of East Timor in an accessible format. The website should aim for the highest possible technical standards, accessibility, content and style.

Technical Policy

The website shall be hosted with the Uniform Resource Indicator of http://www.mfac.gov.tp and in the interests of international requests and bandwidth will be physically located with Connect Ireland, with the technical administrators of the country-code top-level domain (ccTLD), Martin Maguire.

The website shall comply with the latest version and standards of Extended Hypertext Markup Language (XHTML) as established by the World Wide Web Consortium (w3c) (http://www.w3c.org). All pages scripted by the Ministry of Foreign Affairs and Cooperation must be tested by the xhtml validator (http://validator.w3c.org). The ‘transitional’ version is used rather than ‘frameset’ or ‘strict’ for browsers that do not read cascading style sheets (CSS). In the interests of speed of access, the homepage of the website and alternate language homepages (http://www.mfac.gov.tp/index.html, indexp.html, indext.html or indexb.html) will be no more than 30K in size.

Any application scripts composed for the website shall be written in public open source code that complies with the Common Gateway Interface (cgi) (http://hoohoo.ncsa.uiuc.edu/cgi/overview.html and http://www.w3.org/CGI/).

Design Policy

The website shall be written in Portuguese, Tetun, English and Bahasa-Malay.

In addition to following XHTML technical standards all information on the website can viewed regardless of the browser used and will follow the “Viewable with Any Browser” style guide (http://www.anybrowser.org/campaign/abdesign.html)

With regards to accessible style, navigation, thematic style, layout, contrast, typography, images and multimedia the Ministry website shall use the Yale Website Style Design Guide (http://info.med.yale.edu/caim/manual).

Each information page (i.e, not including application scripts, linked documents and downloadable files) will contain the national logo as a homepage link, a validation graphic and link for XHTML compatibility, an Any Browser validation graphic and link, the name and email address of the maintainer and the physical address of the Ministry.

Each information page will contain links to the following pages: the Index page, the About page (Ministerial Structure), a Travel Information page, a Foreign Relations page, an Archive page and a Links page.

The About information page will contain links to pages for the Minister, the Vice-Ministers and each Division.

Content Policy

The Index Page will contain the opening paragraph to all press releases or Ministerial speeches and a link to the full document.

The pages for the Senior Minister and Vice-Ministers shall include a biography of each person, staff and contact details, links to staff job descriptions and speeches of the Ministers.

The pages for the Divisions shall include staff and contact details, Articles of Responsibility, links to staff job descriptions and activity statements of the Division.

The pages for Travel Information shall include general travel, visa, and residency content for foreigners visiting East Timor, special relations and benefits for any East Timorese traveling abroad. It shall also contain links to any travel warnings issues by the East Timorese government.

The page for Foreign Relations shall include content for Friendship Cities, International Treaties that East Timor is a signatory to and links to foreign relations policy statements.

The page for the Document Archive shall include the Constitution of East Timor, links to relevant laws to the Ministry published on official government websites, links to policy and activity statements of the Divisions of the Ministry, links to speeches of the Ministers and links to media releases of the Ministry.

The Links page shall provide contact information for the Ministries and Secretaries of State, Foreign Embassies, Missions and Consuls, Accredited Embassies, Missions and Consuls, International Organizations and Embassies, Missions and Consuls of East Timor.

Process and Responsibility Policy

The maintainer of the website will be, as per their job description, the IT Policy Advisor to the Ministry.

The maintainer of the website shall provide content changes to the Technical Administrator of the ccTLD on the 14th and 28th days of each month.

The Director of each Division shall be responsible for providing the required material (cf., content policy) to the maintainer for their page.

The Director of Public Affairs shall also be responsible for providing media releases, Ministerial biographies, Ministerial speeches to the maintainer.

The Directors of Bilateral Affairs shall also be responsible for providing embassy and consular contact information maintainer as well as relevant material for the foreign policy page to the maintainer.

The Director for Regional Affairs shall also be responsible for providing relevant material for the for the foreign relations page to the maintainer.

The Director of Multilateral Affairs shall be responsible for providing contact information for international organisations and relevant material for the foreign policy page to the maintainer.

The Director of Consular Affairs shall be responsible for providing content for the Travel Page and material for Friendship Cities on the Foreign Relations page.

Policy Version 1.0 Last update February 16, 2003

Physical and Data Security Policy

Background

Currently the Ministry of Foreign Affairs and Cooperation has no particular policy concerning the physical or data security, (both in regards to the servers and client machines) with the exception of those that have been introduced by the ICT Policy Advisor through the endorsed "Network Use Policy".

This is totally unacceptable for the Ministry of a nation-state and particularly this Ministry. We desperately need a policy that ensures the physical security of our computers, especially the server, that ensures data integrity and protects our data and systems from those not authorized to access it.

Several matters of implementation result from this document. The Ministry must ensure the security of the server room and install security frames for the windows and doors and an anti-mosquito device for the server room. The Ministry must ensure that cleaning staff clean the server room on a daily basis. The Technical Assistant must set user's default document storage to the File Server and begin data backups on a weekly basis. As ICT Policy Advisor, I will establish the permission settings on the File Server (intradivision can read, but not write, to division member files).

Purpose of the Document

The purpose of this document is to introduce a high level of physical and data security for the Ministry of Foreign Affairs and Cooperation that is appropriate for a nation-state. This is a minimal document with elaborations, but not contradictions, to be determined by system administrators.

Source Material

The material in this policy has been compiled from documentation from National Computer Security Association (United States), and the Network Working Group's RFC 2196 and 2504. Where the terms "must", "should", "must not", "should not" and "may" appear they indicate particular requirements and have the same meaning as these terms appear in the Network Working Group RFC 2119.

This paper uses and does not contract material in the Names Policy document and the Network Use Policy document of the Ministry of Foreign Affairs and Cooperation.

Preventative Maintenance

Harsh climatic conditions and budgetry constrains require preventative hardware and data protection as part of physical and data security. The biggest cause of hardware component damage, and resultant loss in date, is thermal expansion and contraction. This can be prevented by keeping computer systems at a constant temperature. However, budget constraints, power failures, fire risks and data access security mean that user systems cannot be left on at all times. Therefore network users should only turn their systems half and hour after they've been turned off (e.g., due to power failure) and they must be turned off when the user leaves the workplace for the day.

The server room must be cleaned daily. An anti-mosquito device must be installed and maintained in the server room. The air conditioners in the server must not be switched off. The server room must become physically secured from unauthorized entry (i.e, non-employees or non-contractual agents of the Ministry).

Smoking and the consumption of food and drink is prohibited near all computers.

Data Security

The following principles are embodied as action in the Ministry's data security policy:
1) Any service that is not explicitly required by the Ministry will be disabled.
2) Passwords will be set, unique, complex and subject to regular change. Repitition of passwords is prohibited.
3) The System Administrator will apply freely distributable patches from the relevant vendor to the server within two days of their release.
4) User access will be set at the minimum required.
5) Domain trust will be limited to the minimum required.
6) Dial-up access to the server is prohibited.
7) Monitoring, logging and auditing services are enabled.
8) Distribution of passwords is expressly prohibited.
9) There will be only one user per account.

Data Backup Policy

All users must store their Ministry-related documents on the File Server.

The Technical Assistant for the Ministry of Foreign Affairs will be responsible for Ministry data backups and testing the data integrity of such backups. Data backups will occur on a weekly basis and will be stored off-site according to the responsibility of the Technical Assistant. The data backup must include the entirety of the File Server and Directory Services and System Event logs.

Breach of this Policy

This policy is non-negotiable. Breaches of this policy are breaches of national security and employment may be terminated as a result. Breaches must be reported to Information and Communications Technology Policy Advisor who will maintain a log of such events.