APPENDIX A: Acceptable Use Security Policy
The following document is a sample Acceptable Use Security Policy using the outline identified in the Security Policy Template. The purpose of this sample document is to aid with the development of your own agency Acceptable Use Security Policy by giving specific examples of what can be performed, stored, accessed and used through the use of your department's computing resources.
Section 1 - Introduction
Information Resources are strategic assets of the and must be treated and managed as valuable resources. provides various computer resources to its employees for the purpose of assisting them in the performance of their job-related duties. State law permits incidental access to state
2. Users must report any incidents of possible misuse or violation of this Acceptable Use Policy through the use of documented Misuse Reporting processes associated with the Internet, Intranet, and Email use standards.
3. Users must not attempt to access any data, documents, email correspondence, and programs contained on systems for which they do not have authorization.
4. Systems administrators and authorized users must not divulge remote connection modem phone numbers or other access points to computer resources to anyone without proper authorization.
5. Users must not share their account(s), passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), or similar information or devices used for identification and authorization purposes.
6. Users must not make unauthorized copies of copyrighted or owned software.
7. Users must not use non-standard shareware or freeware software without the appropriate Management approval.
8. Users must not purposely engage in activity that may harass, threaten or abuse others, or intentionally access, create, store or transmit material which may be deemed to be offensive, indecent or obscene, or that is illegal according to local, state or federal law.
9. Users must not engage in activity that may degrade the performance of Information Resources; deprive an authorized user access to resources; obtain extra resources beyond those allocated; or circumvent computer security
Only authorized personnel are allowed unescorted access to the Computer Room with proper security credentials.
iv. Users of remote workstations must comply with HIPAA Security Policy #10 - Workstation Use.
4. Please be advised that failure to follow this policy can result in possible criminal and civil sanctions against the company and its management and employees, and possible disciplinary action against the responsible individuals, and including termination of
Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system.
Issue one. Based on the premise that Richman has 5,000 employees throughout the main office and several branch offices, you must research solutions and detail the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system.
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
Remote access – Employees working remotely using laptops may not be given access to sensitive data.
Authentication of an individual to access and use files, systems, and screens is vital to
To fully explain the acceptable use policy would mean to begin from the beginning, the user domain. The user domain is the employees or people within an organization who are granted access to the organization's information system. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LAN-to-WAN, web surfing, and internet. LAN-to-WAN is the activities between LAN and WAN and firewalls, routers, intrusion detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet
The user may even do rebellious things that can get people around them in trouble. For
Warn users that activities may be monitored and that unauthorized access is prosecutable pursuant to the United States Criminal Code (Title 18 U.S.C. § 1030).
In addition to any agreement which you might have signed, e.g. as a college student or as a library member, you are also subject to a particular piece of legislation. State what it is and detail the responsibility laid down by a piece of legislation put on any user of a PC connected onto an organisation’s network. When using a network PC as an authorised user, in addition to any agreement signed with the network operator, the Computer Misuse Act is legislation designed to protect the integrity of computer systems. The Computer Misuse Act makes the Unauthorised access to computer programs or data, Unauthorised access with further
This policy applies to all Users. It applies to any computing devices owned or leased by the University of Pennsylvania that experience a Computer Security Incident. It also applies to any computing device regardless of ownership, which either is used to store Confidential University Data, or which, if lost, stolen, or compromised, and based on its privileged access, could lead to the unauthorized disclosure of Confidential University Data. Examples of systems in scope include, but are not limited to, a User’s personally owned home computer that is used to store Confidential University Data, or that contains passwords that would give access to Confidential University Data.