Security Policies

Bosworth et al. (2009) stress the importance of formality when creating an ethics policy.  They emphasize that clear documentation, clear motivation, clear sanctions, and clear management support at every level, including the top, are all important pieces of an effective policy.  I work for a management consultancy firm in the Washington DC Metro area that works with many different types of government and commercial projects requiring different levels of security clearance and management of sensitive information.

An acceptable use policy would need to address access level restrictions for both physical and virtual assets.  Physical access would involve access badges for the appropriate sections of the facilities and specific key cards to gain access to government systems where needed.  The policy should strictly require locking down laptop equipment, not leaving mobile equipment such as company phones and tablets unattended, and following specific rules on travel with laptop equipment.  For virtual access, or access to software specifically, the policy should set strict password policies, prohibit the sharing of user credentials, require vigilance in protecting personal user credentials, and require appropriate locking of the operating system when not in use.  The acceptable use policy should also address unacceptable use such as illegal activities, hacking, probing or scanning systems, disabling virus protection or firewalls, and installing unlicensed software, to name a few.

An Internet policy should let the end users know that all activities are being monitored.  “In order to give staff members the feelings of autonomy and ownership, they need to know the rules.”  The policy should be very clear on what is acceptable and unacceptable behavior online.  If there are specific rules for downloading software, they should be clearly described in the policy.

References:

  1. Bosworth, S., Kabay, M.E., & Whyne, E. (2009).  Computer Security Handbook.  Volume 1.  Hoboken, NJ: John Wiley & Sons, Inc.
  2. Komando, K.  (2012).  Why you need a company policy on Internet use.  Microsoft Business.  Retrieved from: http://www.microsoft.com/business/en-us/resources/management/employee-relations/why-you-need-a-company-policy-on-internet-use.aspx?fbid=SOWHr6Z3mUe

About The Author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment. In my spare time I teach undergraduate classes in web development.
