Sample security policy for end users, part four


Nap van Zuuren
12.05.2001
Here is the fourth part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

XIII. Additional Policy & (basic) Procedures on Security Issues
As a (highly necessary) precaution, you should keep your system well protected.

Keeping your Windows 2000 updated:
Your Windows 2000 should have Service Packs 1 and 2 installed.
- Check Version via Help -> About ->
- It should indicate: Version 5.0 (Build 2195: Service Pack 2)

When connected to the Internet:
In your Programs List activate "Windows Update"
-> windowsupdate.microsoft.com
- Click "Show Installed Updates"
You will be guided on the necessary Updates; many of these Updates are security related, so take your time for them.
Install "Windows Critical Update Notification" - If a "flag" is shown in your taskbar, you should act on the required install of a Critical Update.
When asked: Install "Microsoft Windows Update Active Setup"
Windows Update also provides the Updates for Internet Explorer.

Do NOT change any of the installed security settings!

Keeping your Microsoft Office programs updated:
Once you have selected "Windows Update" (at windowsupdate.microsoft.com) and then "Product Updates," you also have a choice for "Microsoft Office Update," which takes you to office.microsoft.com/ProductUpdates/default.aspx, where you will find a choice for "Product Updates."
- You will have the possibility to download and install the "Microsoft Office Product Updates Detection Engine."
You will be guided on the necessary Updates; many of these Updates are security related, so take your time with them.

"Windows Update" also provides the updates for Internet Explorer 5.50 (last Critical Update: Service Pack 1 of May 24, 2001; version now 5.50.4522.1800).
"Microsoft Office Update" also provides the Updates for Outlook, apart from the "Office" products.
Note: For these Updates you might need the CD from which the Office 2000 files were installed on your system. You will have to contact your Network- or Sys-Admin in that case.
If it is impossible for you to get hold of the required CD, the same Service Packs (SPs) and Service/Security Releases (SRs) can be found via www.microsoft.com/security

Virus protection
It is the end user's responsibility to keep the antivirus software updated. is e-mailing the update information, and the update must then be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user update the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

Please remember, updating your virus protection is your responsibility! Failure to do so has caused files to be destroyed in the past (losing literally several years of work) and cost considerably in time and money. Furthermore, you might "open" your system to non-invited "guests."

Password Requirements

As proper password usage is the most efficient way to prevent unauthorized access, the System Administration has set rules for passwords. If you use the wrong combination(s) of Login-ID and related Password, your system will be locked out after five access attempts, and intervention of the SysAdmin is required to get you online again.

For the choice of password the following requirements have to be met:
- Minimum length seven characters
- Minimum two of those characters have to be 'special' characters, i.e. non-alphabetical and/or non-numerical


This sample policy is continued in Part Five.

