Principles info sys security
Dr. Tung-Shing Lam Security Policies
Security Policies: Rules & Regulations 2013
For the company to be secure it should have a Security Policy, Usage Policy, Acceptable use policy, and Security Awareness Training for all employees. With this being said, system backups need to be performed on a daily basis, with monitoring of network a priority. In the security policy, network login warning screens need to be in place, and all policies documented so all employees, management, and IT departments are all on the same page. Once this is accomplished, then IT can perform their jobs and all employees can do their jobs in a secure, safe environment with the least amount of down time from invasion or infection. In the Security Policy, access controls need to be in place for each employee dependent on departments and usage allowed. Each associate should have individual logins with user names and passwords with a mixture of capitals, numbers, and special characters to be changed monthly. With associates on road and using network from home a secure VPN with secure login also changing monthly. Both of these needing to be monitored regularly to make sure of usage. All users will not be allowed to use personal email or downloads of any kind into work computers, no software installs of any kind except from IT department. Firewalls, antivirus, and malware software to be setup, configured, and ran from IT personnel to keep all computers equal and clean. Web access for associates that need to use it for work related business only.
Unauthorized banners for all other associates setup with only an internal website with weather and work updates accessible. Internal email setup for all associates for sharing of information and documents needed to perform work, to send calendars, and appointments. No sharing of work related information, passwords, policies, or documentation to family or any other users. This should be carefully monitored at all times and will be strictly enforced by company policy. Any visitors needing use of wireless will be setup as needed by IT for specific use and time allowance with temporary passwords. With Secure VPN encryption of passwords, should be used, and financial departments will or should use password keys for security with these changing monthly for security of financial data. Inspections of financial areas should be done according to company policy with IT and accounting firm according to SOX regulations, reports to made available at all times and submitted on time to management and auditors. Use of digital signatures on all documentation that is to be submitted to departments if being sent then encryption will be used. Accounting associates should use 1 week of vacation completely out of work and other trained associates to be in place to do accounting financials to note any discrepancies or inaccuracies. All system updates, system configurations, hardware changes, and new installations to be done only by IT personnel. No use of business computers for own
