Time
2 hours 23 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:02
Hello and welcome to IT Security Policy training on Cybrary.
00:06
This is part of Module 2, the Acceptable Use Policy,
00:10
being taught by myself, Troy LeMaire.
00:13
Learning objective for this module
00:15
is general use and ownership of systems,
00:18
security and proprietary information of systems, and the unacceptable use of systems inside of an organization.
00:29
If we look at the acceptable use policy,
00:32
this is a SANS template, which allows you to look at the information in it and modify it for your needs within your organization.
00:40
In the first section, the overview,
00:42
it speaks about the intent of publishing an acceptable use policy. It's not imposing restrictions,
00:47
but to establish a culture of openness, trust and integrity.
00:53
It lists Internet, intranet and extranet related systems and other types of
00:58
systems that are used, or software being used, such as the operating system, storage media,
01:03
email and FTP.
01:06
Modify these things as needed for your organization.
01:10
and states that the systems are to be used for business purposes in serving the interests of the company
01:15
and our clients and customers in the course of normal operations.
01:19
It states that effective security is a team effort involving the participation and support of every employee and affiliate who deals with information and/or information systems.
01:27
It is the responsibility of every computer user to know the guidelines and conduct activities accordingly.
01:37
Purpose of the policy: to outline acceptable use of computer equipment.
01:40
These rules are in place to protect employees and the company. Inappropriate use exposes the company to risk, including viruses, compromise of network systems and legal issues.
01:51
Scope of the policy: it applies to the use of information, electronic and computing devices, and network resources to conduct business or interact with internal networks and business systems owned or leased by the company.
02:05
Policy applies to employees, contractors, consultants, temporaries and other workers.
02:08
Modify this section if you don't have any contractors and consultants or temporary workers. You want to make the policy fit the way that your organization works.
02:17
We look at the body of the policy itself: general use and ownership. Proprietary information is stored on electronic and computing devices owned or leased by the company, and you must ensure through legal or technical means that the proprietary information is protected in accordance with the data protection standard.
02:34
You have a responsibility to promptly report the theft, loss or unauthorized disclosure of proprietary information,
02:40
and you may access, use or share the information only to the extent that it's authorized and necessary to fulfill your job duties.
02:47
Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
02:53
Individual departments are responsible for creating guidelines concerning personal use.
02:57
In the absence of such policies, employees should be guided by departmental policies on personal use.
03:01
And if there's any uncertainty, employees should consult their supervisors or managers.
03:07
For security and network maintenance purposes, authorized individuals may monitor equipment,
03:13
and also the company reserves the right to audit any networks or systems on a periodic basis to ensure compliance.
03:20
We look at security and proprietary information. All mobile computing devices that connect to the network must comply with the minimum access policy.
03:28
System-level and user-level passwords must comply with the password policy, which we will cover more in this Cybrary training.
03:37
All devices must be secured with a password protected screen saver with automatic activation set to 10 minutes or less. If in your organization you use a 15 minute lockout, which is
03:46
one of the more common time frames, you can modify this policy for that.
03:51
Postings by employees from a company email address to any type of newsgroups or any type of message boards would need to contain a disclaimer stating that it's the opinion of the user themselves and not of the company.
04:03
And you must use extreme caution when opening email attachments received from unknown senders because they can contain malware or viruses or other things.
04:14
Now we get into the unacceptable use portion of this policy. This portion is something that you might need to modify based on the needs of your organization whenever it comes to specific things inside of it. If, for example, you say we do not allow YouTube, because YouTube eats up a lot of bandwidth and can affect the network
04:32
and the Internet usage of employees, that might want to be spelled out to where you will put
04:36
videos or, if it's Netflix, it will be streaming media, something to that effect, so that you can specifically state those things within the policy; it's known that is unacceptable use of a system.
04:50
It says that under no circumstances should employees
04:55
engage in any activity that's illegal,
04:58
and the listing below is not exhaustive, but it is an attempt to provide some type of framework of activities that are unacceptable.
05:09
System and network activities: violations of the rights of any person,
05:13
unauthorized copying of copyrighted material.
05:15
Accessing data or an account for any purpose other than conducting normal business.
05:20
Exporting of software, technical information, encryption software technology.
05:26
Introduction of malicious programs into the network or the server.
05:30
Revealing your account password to others or allowing others to use your account.
05:34
Using a company computing device to actively engage in procuring or transmitting material that is in violation of sexual harassment and hostile workplace laws.
05:43
Making fraudulent offers of products, items or services from the company.
05:46
Making statements about warranties, express or implied, unless it is part of your normal job duties.
05:53
Effecting security breaches or disruptions of network
05:56
communication.
05:58
It lists out the types of security breaches that you have: accessing the data of which you're not
06:03
the intended recipient, or logging into a server or account that the employee is not expressly authorized to access.
06:11
Looking at port scanning or security scanning of any type. Executing any form of network monitoring that will intercept data is not part of your job role.
06:19
Circumventing user authentication or security,
06:23
introducing honeypots,
06:25
interfering with or denying service to the user,
06:29
using any programs, scripts or commands, or sending messages with the intent to interfere with or disable a user's
06:33
session or their communication on the network.
06:38
Providing information about or lists of company employees to parties outside of the company.
06:44
We look into the email and communication activities:
06:48
anything that includes sending of unsolicited email messages such as junk mail, any type of harassment,
06:56
unauthorized use of email headers,
06:59
solicitation of emails for any other email address other than that of the poster's account, with the intent to harass or collect replies.
07:05
Any type of chain letter or Ponzi schemes are forbidden.
07:11
Use of unsolicited email originating from the company, on behalf of the company, to advertise any service hosted by the company or connected with the company's network.
07:19
Sending the same or similar non-business-related messages to a large number of Usenet newsgroups.
07:26
When we get into the blogging and social media portion, this is the part that you will definitely need to look at on an annual basis because social media changes so quickly now.
07:35
But basically what it is trying to say is blogging by employees needs to be known that it is not the opinion of the employees and that it doesn't violate any of the company's policies.
07:46
Any type of confidential information about the company posted to any type of blogging site.
07:50
And shall not engage in blogging that may harm or tarnish the image or reputation of the company.
07:58
Can't attribute any type of personal statements or opinions onto the company.
08:03
Apart from following all laws on handling and disclosure of copyrighted or export-controlled materials, such as the company's trademarks or logos, anything like that would not be used with any type of blogging activity.
08:16
If we look at the compliance of it, this is where you will definitely need to work with your HR department, especially in regards to the social media things, to make sure that whatever their policies are fit in line with your policies.
08:28
But the InfoSec team is gonna verify compliance through various methods,
08:33
such as business tool reports, audits and feedback.
08:37
Exceptions to the policy must be approved ahead of time by the InfoSec team, and then any employee found to have violated this policy may be subject to disciplinary action up to and including termination of employment. And again, this is gonna be something that is handled by the HR department, so you would want to definitely work with them.
08:56
So, in summary, in today's brief lecture, we discussed
08:58
general use and ownership, security and proprietary information, and unacceptable use.
09:05
Acceptable use recap question: employees are responsible for exercising good judgment regarding personal use.
09:11
What are individual departments responsible for?
09:15
And that would be: individual departments are responsible for creating guidelines concerning personal use of Internet, intranet and extranet systems.
09:22
Another policy recap question: employees must use extreme caution when opening email attachments received from whom?
09:31
That would be unknown senders, which could provide some type of malicious software inside of that email.
09:37
Looking forward, in the next lecture we'll start looking at encryption and the decryption policy.
09:43
If you have any questions or clarification,
09:46
as always, you can reach me on Cybrary message. My user name is at Troy LeMaire, and thank you for attending this Cybrary training.

Introduction to IT Security Policy, available from Cybrary, can equip you with the knowledge and expertise to be able to create and implement IT Security Policies in your organization.

Instructed By

Troy LeMaire
IT Security Officer at Acadian Ambulance
Instructor