- Challenges Policy Makers face to Counter Cybercrime
- Cybercrime vs Traditional Crime
- Risks, Threats and Vulnerabilities
- Security Policies
- Cost and Challenges with E-Government
- Cultural Values and Moral Legitimacy
- One audit standard fits all?
- Mobile Security
- Will the Mandiant Report Raise Public Awareness?
- Ethical vs Non-Ethical Hackers
- Motivation and Intent of Hackers
- Hacking as an Addiction
- Online Anonymity: Good or Bad?
- Identity Theft and Inexperienced Internet Users
- Regulation vs Innovation
- 3D Printing, Copyright and Legal Matters
- Software Piracy on an International Scale
- Workplace Monitoring and Blocking Software
Bosworth et al (2009) stress the importance of formality that should be adopted when creating an ethics policy. They emphasize that clear documentation, clear motivation, clear sanctions, and clear management support at every level, including the top, are all important pieces of an effective policy. I work for a management consultancy firm in the Washington DC Metro area that works with many different types of government and commercial projects requiring different levels of security clearance and management of sensitive information.
An acceptable use policy would need to address access level restrictions in terms of both physical and virtual assets. Physical access would involve access badges for appropriate sections of the facilities and specific key cards to gain access to government systems where needed. The policy should enforce strict use of locking down laptop equipment, not leaving mobile equipment unattended such as company phones and tablets, and specific rules on travel with laptop equipment. Virtual access or access to software specifically should address strict password policies, sharing of user credentials should be prohibited, vigilance in protecting personal user credentials, and appropriate locking of the operating system when not in use. The acceptable use policy should also address unacceptable use such as illegal activities, hacking, probing systems or scanning, disabling virus protection or firewalls, installing unlicensed software to name a few.
An Internet policy should let the end users know that all activities are being monitored. “In order to give staff members the feelings of autonomy and ownership, they need to know the rules.“ The policy should be very clear on what is acceptable and non-acceptable behavior online. If there are specific rules for downloading of software, they should be clearly described in the policy.
- Bosworth, S., Kabay, M.E., & Whyne, E. (2009). Computer Security Handbook. Volume 1. Hoboken, NJ: John Wiley & Sons, Inc.
- Komando, K. (2012). Why you need a company policy on Internet use. Microsoft Business. Retrieved from: http://www.microsoft.com/business/en-us/resources/management/employee-relations/why-you-need-a-company-policy-on-internet-use.aspx?fbid=SOWHr6Z3mUe
Image Credits: Photo by Isis França on Unsplash.