Sample security policy for end users, part three

Sample security policy for end users, part three



Here is the third part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

VII. Access control hardware and software
The remote access control to the -Intranet (Internal Network) is controlled by provided SecurID tokens and SecuRemote Software, thus a VPN (Virtual Private Network) connection. The administration of the tokens is under control of assigned staff (3). A secure ID receipt document has to be returned to the assigned staff (3) after receipt of the token. See Appendix B.

VIII. Hardware
All hardware devices acquired for or on behalf of the company or developed by company employees or contract personnel on behalf of the company is, and shall be, deemed company property. All such hardware devices must be used in compliance with applicable licenses, notices, contracts and agreements.

VIII.a. Purchasing
All purchasing of company computer hardware and software shall be centralized with the assigned staff (3) to ensure that all equipment conforms to corporate hardware and software standards and is purchased at the best possible price and support.

VIII.b. Hardware standards
The following list shows the standard hardware configuration for company

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

computers (excluding test computers) that are fully supported by the assigned staff:
1) Desktop equipment
1a) Peripheral equipment, such as (Network) Printer(s)
2) Laptops
TBD
IX. Outside equipment
No outside equipment may be plugged into the company's network without the express authorization of the Network Administrator (1).

X. Outside connections
It is the end user's responsibility to disconnect any type of modem connection when also having an activated -LAN connection.

XI. Presently Assigned Administrators:
(1) Assigned Network Administrator: x
(2) Administration of the staff tokens: x
(3) Purchasing Hardware & Software: x
(4) Installation of Software: x

XII. Violations and penalties
Penalties for violating the Software/Hardware Policy will vary depending on the nature and severity of the specific violation. Any employee who violates the Software/Hardware Policy will be subject to: (i) Disciplinary action as described in the company's employee handbook, including but not limited to reprimand, suspension and/or termination of employment. (ii) Civil or criminal prosecution under applicable law(s).

This sample policy is continued in Part Four.


This was first published in December 2001

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top