Problem solve Get help with specific problems with your technologies, process and projects.

Sample security policy for end users, part four

Here is the fourth part of a sample security policy for end users that can be customized to fit your needs.

Here is the fourth part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren. Give it a read and tell us what you think by rating it at the bottom of the page. And, don't miss the rest of the policy; follow the link below.

XIII. Additional Policy & (basic) Procedures on Security Issues
As a (highly necessary) precaution, you should keep your system well protected.

Keeping your Windows 2000 updated:
Your Windows 2000 should have Service Packs 1 and 2 installed.
- Check Version via Help -> About ->
- It should indicate: Version 5.0 (Build 2195: Service Pack 2)

When connected to the Internet:
In your Programs List activate "Windows Update"
- Click "Show Installed Updates"
You will be guided on the necessary Updates; many of these Updates are security related, so take your time for them.
Install "Windows Critical Update Notification" - If a "flag" is shown in your taskbar, you should act on the required install of a Critical Update.
When asked: Install "Microsoft Windows Update Active Setup"
Windows Update also provides the Updates for Internet Explorer.

Do NOT change any of the installed security settings!

Keeping your Microsoft Office programs updated:
When you have selected "Windows Update," being at and selected "Product Updates," you also have a choice for "Microsoft Office Update," guiding you to, in which you will find a choice for "Product Updates."
- You will have the possibility to download and install the "Microsoft Office Product Updates Detection Engine."
You will be guided on the necessary Updates; many of these Updates are security related, so take your time with them.

"Windows Update" also provides the updates for Internet Explorer 5.50. - (last Critical Update: Service Pack 1 of May 24,2001; Version now 5.50.4522.1800)
"Microsoft Office Update" also provides the Updates for Outlook, apart from the "Office" products.
Note: For these Updates you might need the CD, with which the installed Office 2000 files were installed on your system. You will have to contact your Network- or Sys-Admin in that case.
If it is impossible for you to get hold of the required CD, the same Service Packs (SPs) and Service/Security Releases (SRs) can be found via

Virus protection
It is the end user's responsibility to keep the antivirus software updated. is e-mailing the update information, and the updating has then to be carried out right after receipt of the Update E-Mail. It is recommended that, once a week, the end user updates the virus protection by selecting Start -> Programs -> Norton Antivirus and then activating "Live Update."

Please remember, updating your virus protection is your responsibility! Failure to do so has caused files to be destroyed in the past (losing literally several years of work) and cost considerably in time and money. Furthermore, you might "open" your system to non-invited "guests."

Password Requirements

As proper password usage is the most efficient way to prevent unauthorized access, the System Administration did set rules for passwords. If you use the wrong combination(s) of Login-ID and related Password, your system with be locked out after five access attempts, and intervention of the SysAdmin is required to get you online again.

For the choice of password the following requirements have to be met:
- Minimum length seven characters
- Minimum two of those characters have to be 'special' characters, so non-alphabetical and/or non-numerical

This sample policy is continued in Part Five.

This was last published in December 2001

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.