COMPLIANCE COUNSELOR
Sample security policy for end users, part one
12.05.2001
Rating: -4.00- (out of 5)
Here is the first part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.
DRAFT: Software & Hardware Policy for End Users
I. Introduction
As 's business is security-related and also deals with
Customers' 'secrets', this policy also contains policy and (basic)
procedures on security issues. Specific policies and procedures on information protection, security, backup, recovery, protection
for desktops and portables (boot protection, disk partition, encryption), etc. will follow in due course.
II. Mission Statement
The staff of has the obligation towards
and 's customers to ensure that 's and the
customer's proprietary information is safeguarded and that the existing
files will never be damaged and/or destroyed.
- Thus, access control, antivirus protection, the application of security patches, etc. is part of every employee duty.
III. Acknowledgement of Receipt of this Document
A copy of the Acknowledgment of Software/Hardware Policy - Appendix A -
has to be returned to the assigned Network Administrator (1) and a copy of the Secure ID Receipt document - Appendix B - has to be returned to the assigned staff (2).
- The return of this/these page(s) can also be carried out by
PGP-signing of this/these page(s) and then sending this/these page(s) to the destinees by E-Mail.
Document Version Control on next page.
INDEX: Page
I. Introduction (1)
II. Mission Statement (1)
III. Acknowledgement of Receipt of this document (1)
IV. Document Version Control (2)
V. Acceptable Use (3)
VI. a-f. Software / Purchasing / Licensing / Software Standards /
Installation / Virus Protection (3)
VII. Access control Hardware and Software (4)
VIII. a-b. Hardware / Purchasing / Hardware Standards (4)
IX. Outside Equipment (4)
X. Outside Connections (4)
XI. Presently Assigned Administrators (4)
XII. Violations and penalties (4)
XIII. Additional Policy & (basic) Procedures on Security issues (5)
XIV. Appendix A (to be signed-of) (6)
XV. Appendix B (if token received: to be signed-of) (7)
XVI. Appendix C (if laptop received; to be signed-of) (8)
Notes on this specific Draft (9-10)
IV. Document Version Control
Data Classification - Company Confidential
This document
Document Ref. Number EMEA/YYY/????
Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No 16/06/2001
Date x
Author(s) x
Approved by x
Distribution List All XXX-yyy Employees for Review and Comments
Remarks V.1: Input on xx from xx
History of this document
Document Generic File Name Policy-XXX-YYY-EndUsers-Initial
Document Issue No. 1 Initial Draft
Status DRAFT V.0
Date May 28, 2001
Author(s) Nap van Zuuren
Approved by x
Distribution List All XXX-yyy Employees for Review and Comments
Remarks Input on VI.b from ABC / Input on XIII from DEF
+ Note on Critical Update Internet Explorer
Document Generic File Name
Document Issue No.2
Status
Date
Author(s)
Approved by
Distribution List
Remarks
Document Generic File Name
Document Issue No.3
Status
Date
Author(s)
Approved by
Distribution List
Remarks
Document Generic File Name
Document Issue No.4
Status
Date
Author(s)
Approved by
Distribution List
Remarks
This sample policy is continued in Part Two.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
