Acceptable
Usage Policy
These policies govern how an organization's resources may
be used and includes an employee's responsibility for security.
Some of the areas covered by the acceptable usage policy
will include:
Expectations of Conduct for Accessing
the Internet - This includes inappropriate web sites,
content of email, chat, and file transfer. This includes messages
originating form the employee that utilize company resources.
Copyright Protection - This
includes unlicensed software, music, video, and other types
of copyrighted material. These statements can reduce liability
risks to an organization and can reduce the possibility of
trojan horses and malware.
Employee Security Testing
- This includes password crackers, sniffers, port scanners,
port redirection, firewall configuration utilities, anti-intrusion
detection programs, DNS tools, remote control programs, vulnerability
scanners, and SNMP managers and discovery tools. Most of these
tools have legitimate uses for authorized personnel, but most
of these programs are not appropriate for individual employees.
Network Services - Use of
networks services and resources should be in a prescribe manner,
according to standards. Additionally, web services, email,
Internet access, and other networks services should be centrally
controlled. Unauthorized network servers often introduce security
vulnerabilities into an environment. Without official oversight
and review these resources represent risk to the organization
and unnecessary liabilities.
Employee Monitoring - If
the organization monitors employee phone usage, Internet access,
and customer interaction then it should be stated. Expectations
need to be communicated and training provided.
Other areas include:
Equipment care and handling
Virus Protection
Home workers and telecommuters
Games
Newsgroups
© 2003 Hudson Business Networks
|
