Security Policies

Bosworth et al. (2009) stress the importance of formality when creating an ethics policy.  They emphasize that clear documentation, clear motivation, clear sanctions, and clear management support at every level, including the top, are all important pieces of an effective policy.  I work for a management consultancy firm in the Washington DC Metro area that works with many different types of government and commercial projects requiring different levels of security clearance and management of sensitive information.

An acceptable use policy would need to address access level restrictions for both physical and virtual assets.  Physical access would involve access badges for the appropriate sections of the facilities and specific key cards to gain access to government systems where needed.  The policy should require that laptop equipment be locked down, that mobile equipment such as company phones and tablets not be left unattended, and that specific rules be followed when traveling with laptop equipment.  Virtual access, meaning access to software specifically, should be covered by strict password policies, a prohibition on sharing user credentials, vigilance in protecting personal user credentials, and appropriate locking of the operating system when not in use.  The acceptable use policy should also address unacceptable use, such as illegal activities, hacking, probing or scanning systems, disabling virus protection or firewalls, and installing unlicensed software, to name a few.

An Internet policy should let the end users know that all activities are being monitored.  “In order to give staff members the feelings of autonomy and ownership, they need to know the rules.”  The policy should be very clear on what is acceptable and non-acceptable behavior online.  If there are specific rules for downloading software, they should be clearly described in the policy.

References:

  1. Bosworth, S., Kabay, M.E., & Whyne, E. (2009).  Computer Security Handbook.  Volume 1.  Hoboken, NJ: John Wiley & Sons, Inc.
  2. Komando, K.  (2012).  Why you need a company policy on Internet use.  Microsoft Business.  Retrieved from: http://www.microsoft.com/business/en-us/resources/management/employee-relations/why-you-need-a-company-policy-on-internet-use.aspx?fbid=SOWHr6Z3mUe

About the author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.
