Information Security Policy Essay

1790 words - 8 pages

Introduction
Computer information systems and networks are an integral part of business at Hano Document Printers. The company has made a substantial investment in human and financial resources to create these systems.
The enclosed policies and directives have been established in order to:
• Protect this investment.
• Safeguard the information contained within these systems.
• Reduce business and legal risk.
• Protect the good name of the company.
Violations
Violations may result in disciplinary action in accordance with company policy. Failure to observe these guidelines may result in disciplinary action by the company depending upon the type and severity of the violation, whether ...view middle of the document...

The Internet and e-mail
The Internet is a very large, publicly accessible network that has millions of connected users and organizations worldwide. One popular feature of the Internet is e-mail.
Policy
Access to the Internet is provided to employees for the benefit of Hano Document Printers and its customers. Employees are able to connect to a variety of business information resources around the world.
Conversely, the Internet is also replete with risks and inappropriate material. To ensure that all employees are responsible and productive Internet users and to protect the company’s interests, the following guidelines have been established for using the Internet and e-mail.
Acceptable use
Employees using the Internet are representing the company. Employees are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. Examples of acceptable use are:
• Using Web browsers to obtain business information from commercial Web sites.
• Accessing databases for information as needed.
• Using e-mail for business contacts.
Unacceptable use
Employees must not use the Internet for purposes that are illegal, unethical, harmful to the company, or nonproductive. Examples of unacceptable use are:
• Sending or forwarding chain e-mail, i.e., messages containing instructions to forward the message to others.
• Broadcasting e-mail, i.e., sending the same message to more than 10 recipients or more than one distribution list.
• Conducting a personal business using company resources.
• Transmitting any content that is offensive, harassing, or fraudulent.
Downloads
File downloads from the Internet are not permitted unless specifically authorized in writing by the IS manager.
Employee responsibilities
An employee who uses the Internet or Internet e-mail shall:
1. Ensure that all communications are for professional reasons and that they do not interfere with his/her productivity.
2. Be responsible for the content of all text, audio, or images that (s)he places or sends over the Internet. All communications should have the employee’s name attached.
3. Not transmit copyrighted materials without permission.
4. Know and abide by all applicable Hano policies dealing with security and confidentiality of company records.
5. Run a virus scan on any executable file(s) received through the Internet.
6. Avoid transmission of nonpublic customer information. If it is necessary to transmit nonpublic information, employees are required to take steps reasonably intended to ensure that information is delivered to the proper person who is authorized to receive such information for a legitimate use.
Copyrights
Employees using the Internet are not permitted to copy, transfer, rename, add, or delete information or programs belonging to others unless given express permission to do so by the owner. Failure to observe copyright or license agreements may result in disciplinary action by the company and/or legal action by the...

Other Papers Like Information Security Policy

Linux Security Essay

448 words - 2 pages Data Security Standard (PCI DSS), Federal Information Security Management Act of 2002, Control Objectives for Information and Related Technology (COBIT). Many or part of these and more must be taken into consideration while putting this project in play. There are a couple of documents: ISO\IEC 17799 and ISO\IEC 27001. The ISO\IEC 17799 IT security technique is the policy for information security management, guidelines, principles for implementing

Introduction to Information Security Student Essay

1249 words - 5 pages and fast rules regulating the installation of various security mechanisms, nor are there many universally accepted complete solutions. While there are many manuals to support individual systems, there is no manual for implementing security throughout an entire interconnected system. This is especially true given the complex levels of interaction among users, policy, and technology controls. Information Security: Security as Science There are

Security Breach

1832 words - 8 pages potential customers and communicate with them effectively. Security policy and Response of firm on Security breach To secure the data of customers and software information of the firm, Sony group privacy policy is used by Sony Corporation. In this, to win confidence and trust of the customers, appropriate use and security control tools are focused by the firm under this security policy. Management of the firm believes to give priority to

Course Discription

968 words - 4 pages : Wiley. Article References Barr, J. G. (2012). Business continuity for web sites. Faulkner Information Services, 1-9. Barr, J. G. (2012). Identity management market trends. Faulkner Information Services, 1-10. Barr, J. G. (2013). Common criteria overview. Faulkner Information Services, 1-10. Barr, J. G. (2013). Biometrics market trends. Faulkner Information Services, 1-7. Week One: IT Security Overview Details Due Points

Top 10 Laws of Security

1706 words - 7 pages efforts of correct security implementation, causing end users to neglect their responsibility on securing their environments. For that, Bruce emphasizes on this law to extend our view to security to cover managerial and administrative process to take its right place to enforce and strengthen level of security in the perimeters, throwing part of the responsibility on managers and end users in security. This can be realized using Information

Title Is Awesome

1179 words - 5 pages IS 471 Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to

Cap Study Guide

5295 words - 22 pages CAP study guide – 1. Who is responsible for establishing the rules for appropriate use and protection of the subject information (e.g. rules of behavior)? a. System owner 2. Who has the authority to formally assume responsibility for operating an information system at an acceptable level of risk? a. Accrediting Authority 3. Who is responsible for ensuring that the appropriate operational security posture is

It Audit Guide

4838 words - 20 pages 2.4. Selecting an Information System’s Security Controls 7 3. Purpose of the Checklist 8 4. How to Use the Checklist 8 4.1. The Checklist Structure 8 4.2. Security Objectives 9 4.3. Guidance for IRAP Assessors 9 4.4. Information System Compliance 10 5. Guidance for IRAP Assessors 10 6. The Checklist 11 6.1. The Information Security Policy & Risk Management 11 6.2. Information Security Organisation 14 6.3

Security Policy Document

2165 words - 9 pages 1.0 Purpose The purpose of this policy is to describe the security requirements for Global Distribution, Inc. (GDI). It is important that GDI protects the confidentiality, integrity and availability of information that is essential for day-to-day business operations. This policy will apply to all information that is electronically stored, received, typed, printed, filmed, and generated. Information technology systems are critical for Global

Cyberlaw Tft Task 1

971 words - 4 pages New Policy Statements for the Heart-Healthy Information Security Policy New User Policy Statement The current New Users section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” There are

Chapter 1-Introduction to Information Security: Principles of Information Security

979 words - 4 pages science? How does security as a social science influence its practice? Art because there are no hard and fast rules especially with users and policy. Security as a social science influences its practice because the software is developed by computer scientists and engineers. Faults are a precise interaction of hardware and software that can be fixed given enough time. 15. Who is ultimately responsible for the security of information in

Related Essays

Heart Healthy Information Security Policy Essay

540 words - 3 pages Introduction to Policy Augmentation Process Due to the fact that both HIPAA and HITECH are non-prescriptive security frameworks HITRUST common security framework (CSF) was leveraged to augment the Heart-Healthy Insurance Information Security Policy. Moreover, HITRUST CSF was chosen as it maps to various other information security frameworks applicable to Heart-Healthy Insurance Company (i.e. HIPAA, HITECH, PCI, ISO 27000-series, etc

Cmgt400 Week 4 Individual Essay

1359 words - 6 pages The Role of Information Security Policy A successful Information Security Program is determined by how the security policy for an organization is developed, how it is implemented, and maintained. An effective sound security policy creates a solid foundation for an information system. The policy makers must emphasize that within the organization, the role played by information security is of paramount importance. The system administrator is

Is4550 Week 5 Lab Essay

1642 words - 7 pages assess and audit an IT security policy framework definition by performing a gap analysis with remediation. Lab Assessment Questions & Answers 1. What is the purpose of having a policy framework definition as opposed to individual policies? The Policy Framework for Information and Technology provides the strategic context for the Policy on Information Management and the Policy on the Management of Information Technology. It also

Beth A Grillo It540 Management Of Information Security Assignment Unit 2

297 words - 2 pages Unit 2 Assignment: Security Policy Implementation Beth A. Grillo, MHA, CPC-A July 19th, 2016 IT540-01: Management of Information Security Dr. Kenneth Flick Kaplan University Table of Contents Unit Two Assignment: Security Policy Implementation 3 Part 1: Step 29 3 Part 1: Step 36 3 Part 3: Step 33 4 Part 3: Significance of Strict Password Policy 5 Reference 6 Unit Two Assignment: Security Policy Implementation Part 1