Sample security policy for end users, part four

Here is the fourth part of a sample security policy for end users that can be customized to fit your needs.



Here is the fourth part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

XIII. Additional Policy & (basic) Procedures on Security Issues
As a (highly necessary) precaution, you should keep your system well protected.

Keeping your Windows 2000 updated:
Your Windows 2000 should have Service Packs 1 and 2 installed.
- Check Version via Help -> About ->
- It should indicate: Version 5.0 (Build 2195: Service Pack 2)

When connected to the Internet:
In your Programs List activate "Windows Update"
-> windowsupdate.microsoft.com
- Click "Show Installed Updates"
You will be guided on the necessary Updates; many of these Updates are security related, so take your time for them.
Install "Windows Critical Update Notification" - If a "flag" is shown in your taskbar, you should act on the required install of a Critical Update.
When asked: Install "Microsoft Windows Update Active Setup"
Windows Update also provides the Updates for Internet Explorer.

Do NOT change any of the installed security settings!

Keeping your Microsoft Office programs updated:
When you have selected "Windows Update," being at windowsupdate.microsoft.com and selected "Product Updates," you also have a choice for "Microsoft Office Update," guiding you to office.microsoft.com/ProductUpdates/default.aspx, in which you will find a choice for "Product Updates."
- You will have the possibility to download and install the "Microsoft Office Product Updates Detection Engine."
You will be guided on the necessary Updates; many of these Updates are security related, so take your time with them.

"Windows Update" also provides the updates for Internet Explorer 5.50. - (last Critical Update: Service Pack 1 of May 24,2001; Version now 5.50.4522.1800)
"Microsoft Office Update" also provides the Updates for Outlook, apart from the "Office" products.
Note: For these Updates you might need the CD, with which the installed Office 2000 files were installed on your system. You will have to contact your Network- or Sys-Admin in that case.
If it is impossible for you to get hold of the required CD, the same Service Packs (SPs) and Service/Security Releases (SRs) can be found via www.microsoft.com/security

Virus protection
It is the end user's responsibility to keep the antivirus software updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

Please remember, updating your virus protection is your responsibility! Failure to do so has caused files to be destroyed in the past (losing literally several years of work) and cost considerably in time and money. Furthermore, you might "open" your system to non-invited "guests."

Password Requirements

As proper password usage is the most efficient way to prevent unauthorized access, the System Administration did set rules for passwords. If you use the wrong combination(s) of Login-ID and related Password, your system with be locked out after five access attempts, and intervention of the SysAdmin is required to get you online again.

For the choice of password the following requirements have to be met:
- Minimum length seven characters
- Minimum two of those characters have to be 'special' characters, so non-alphabetical and/or non-numerical


This sample policy is continued in Part Five.


This was first published in December 2001

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close