Sample security policy for end users, part two

Sample security policy for end users, part two



Here is the second part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

Software/Hardware Policy for End Users within

V. Acceptable use
This section defines the boundaries for the "acceptable use" of the company's electronic resources, including software, hardware devices and network systems. Hardware devices, software programs and network systems purchased and provided by the company are to be used only for creating, researching and processing company-related materials. By using the company's hardware, software and network systems you assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable company policies, as well as applicable laws and regulations.

VI.a. Software
All software acquired for or on behalf of the company or developed by company employees or contract personnel on behalf of the company is and shall be deemed company property. All such software must be used in compliance with applicable licenses, notices, contracts and agreements.

VI.b. Purchasing
All purchasing of company software shall be centralized with 's assigned staff, to ensure that all applications conform to corporate software standards

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

and are purchased at the best possible price and support. All requests for standard and additional software must be submitted to 's assigned staff (3), who will then determine the standard software that best accommodates the desired request.

VI.c. Licensing
Each employee is individually responsible for reading, understanding, and following all applicable licenses, notices, contracts and agreements for software that he or she uses or seeks to use on company computers. Unless otherwise provided in the applicable license, notice, contract, or agreement, any duplication of copyrighted software, except for backup and archival purposes, might be a violation of national law and regulations. In addition to violating such laws, unauthorized duplication of software is a violation of the company's Software/Hardware Policy.

VI.d. Software standards
The following list shows the standard suite of software installed on company computers (excluding test computers) that is fully supported by the Network Administrator:
- Microsoft Windows 2000
- Microsoft Outlook 2000
- Microsoft Office 2000 (Word, Excel, Powerpoint, Access, Image Composer 1.5, Photo Editor 3.01, Publisher)
- Microsoft Internet Explorer
- Adobe Acrobat Reader
- Norton Antivirus Corporate edition
- PGP
- WinZip
* On request: Microsoft Project 2000 and/or Visio 2000
* Laptops only: Dial-up ISP and company VPN access
Employees needing software other than those programs listed above must request such software from 's assigned staff (3). Each request will be considered on a case-by-case basis in conjunction with the software-purchasing section of this policy. For installation of private owned - and private licensed - software on provided hardware, the explicit authorization to install this software has to be obtained from Network Administrator or 's Corporate Helpdesk.

VI.e. Installation of Software
The required software should only be installed by assigned staff (4).

VI.f. Virus protection
It is the End User's responsibility to keep the antivirus software updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

This sample policy is continued in Part Three.


This was first published in December 2001

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top