Sample security policy for end users, part four

Here is the fourth part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

XIII. Additional Policy & (basic) Procedures on Security Issues
As a (highly necessary) precaution, you should keep your system well protected.

Keeping your Windows 2000 updated:
Your Windows 2000 should have Service Packs 1 and 2 installed.
- Check Version via Help -> About ->
- It should indicate: Version 5.0 (Build 2195: Service Pack 2)

When connected to the Internet:
In your Programs List activate "Windows Update"
-> windowsupdate.microsoft.com
- Click "Show Installed Updates"
You will be guided on the necessary Updates; many of these Updates are security related, so take your time for them.
Install "Windows Critical Update Notification" - If a "flag" is shown in your taskbar, you should act on the required install of a Critical Update.
When asked: Install "Microsoft Windows Update Active Setup"
Windows Update also provides the Updates for Internet Explorer.

Do NOT change any of the installed security settings!

Keeping your Microsoft Office programs updated:
When you have selected "Windows Update," being at windowsupdate.microsoft.com and selected "Product Updates," you also

    Requires Free Membership to View

have a choice for "Microsoft Office Update," guiding you to office.microsoft.com/ProductUpdates/default.aspx, in which you will find a choice for "Product Updates."
- You will have the possibility to download and install the "Microsoft Office Product Updates Detection Engine."
You will be guided on the necessary Updates; many of these Updates are security related, so take your time with them.

"Windows Update" also provides the updates for Internet Explorer 5.50. - (last Critical Update: Service Pack 1 of May 24,2001; Version now 5.50.4522.1800)
"Microsoft Office Update" also provides the Updates for Outlook, apart from the "Office" products.
Note: For these Updates you might need the CD, with which the installed Office 2000 files were installed on your system. You will have to contact your Network- or Sys-Admin in that case.
If it is impossible for you to get hold of the required CD, the same Service Packs (SPs) and Service/Security Releases (SRs) can be found via www.microsoft.com/security

Virus protection
It is the end user's responsibility to keep the antivirus software updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

Please remember, updating your virus protection is your responsibility! Failure to do so has caused files to be destroyed in the past (losing literally several years of work) and cost considerably in time and money. Furthermore, you might "open" your system to non-invited "guests."

Password Requirements

As proper password usage is the most efficient way to prevent unauthorized access, the System Administration did set rules for passwords. If you use the wrong combination(s) of Login-ID and related Password, your system with be locked out after five access attempts, and intervention of the SysAdmin is required to get you online again.

For the choice of password the following requirements have to be met:
- Minimum length seven characters
- Minimum two of those characters have to be 'special' characters, so non-alphabetical and/or non-numerical

This sample policy is continued in Part Five.

This was first published in December 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.