COMPUTER SECURITY   1




     COMPUTER SECURITY POLICY



          Ridha Ben Hammouda

EVEREST UNIVERSITY-South Orlando Campus


                                            Abstract

       This paper considers many of the challenges faced by internet security professionals. The

risks are the same around the world. This research paper suggests taking a holistic approach to

this huge problem.

                                COMPUTER SECURITY POLICY



Computer security policy needs of industry and government have been a priority since the early

1990’s. These policies relate to internet security, firewalls, virus protection and statistical

methods of computer security. Internet security professionals around the world face the same

risks when it comes to the lack of needed resources to develop and sustain an effective security

policy (Waning Security, 1996, p. 3). A holistic approach in computer security policy is needed

(Scientists on Cybersecurity, 2002b, p. 38).



The National Research Council, which advises the government on technology matters, examines

cybersecurity issues including the nature of cyberthreats and common causes of system and

network problems. The agency has developed some controversial policy recommendations,

such as making software and system vendors legally responsible for insecure products and

systems (Scientists on Cybersecurity, 2002c, p. 38).



The security risks posed by microcomputers need to be controlled because microcomputers are

being used more frequently in large financial reporting systems. These risks include threats to

data integrity, unauthorized information access, and theft. A cost-effective security plan should

first identify business assets that need protection and risks from which the assets need to be

safeguarded. Controls can then be designed and based on the level of exposure to loss. Specific

security procedures that can be implemented include (1) policy statements on computer security

guidelines, (2) locking devices, (3) password protection, (4) security software such as data

encryption programs, and (5) data backup procedures to insure against accidental or intentional

destruction of data (Herdman & Neary, 1987b, p. 9).



Computer security is not always the answer to protecting a computer system. The cost of the

system must be weighed against the cost of damages without it. The purposes of security

systems, which are to prevent sabotage, protect confidential information and guard against

human error or technical failure must also be considered. Apprehensions about sabotage often

come from employee-related or company policy-related problems and computer security only

convinces a saboteur to harm the company in another way. Security systems to protect

confidential information are effective, but cannot protect against individuals intent on getting

information. Although human error and technical failure cannot be eliminated, preventive

measures can be taken. Adequate employee training can minimize human error while automatic

backup of important information is the best safeguard against technical failure (How Much

Computer Security, 1992, p. 12).



Research shows that corporate losses due to poor computer security are more likely to result

from error than from fraud. Further, more fraud losses are caused by employees than by

outsiders. A proper corporate computer security program takes a team approach, with

components including ongoing design, education and enforcement. It should begin with an

examination of the kinds of information the company deals with, and should consider the level of

protection appropriate to each during every phase of its life and regardless of its location or form.

Separation of functions, access controls, audit trails, and regular backup are all essential to

effective computer security. A well-documented, well-publicized security policy can help

companies comply with new federal and state laws and prosecute violators more effectively

(Thackeray, 1988b, p. 45).



Data security across networks is also an important issue for network administrators. To secure

intranetworks, some elements to include in a computer security policy are: (1) permission rules,

(2) responsibilities, (3) unauthorized access to files and directories, (4) unauthorized use of

software, (5) use of the network in for-profit activities, (6) use of electronic mail, (7) harassment,

(8) waste, (9) abuse, (10) theft, (11) enforcement, (12) workplace monitoring, (13) network

managers’ responsibilities and (14) the use of the network for non-company tasks (Alexander,

1995b, p. 59).



Needed computer security procedures should be implemented after, and based on the results of, a

preliminary survey, assignment of security project responsibilities, risk analysis, analysis of

defenses against security risks, selection of appropriate defenses, implementation of the security

measures identified, and periodic audit and improvement of the security program and security

controls (i.e., detective measures, preventive measures and insurance coverage).



The following procedures are recommended for application by all internet security professionals:


   1. Permission – Use of computer facilities must be authorized by the owner of the
      information or by a senior manager. Prior permission to use another user’s computer
      account or user-ID from the owner of the account should be required. All computer or
      electronic files are considered private unless the owner has explicitly made them
      available to others.
   2. Responsibilities – The user is the owner of their data. It is their responsibility to ensure that
      it is adequately protected against unauthorized access. Keep passwords and accounts
      confidential; change passwords frequently. Do not leave terminals unattended without
      logging out first. Do not engage in any activity that is intended to circumvent computer
      security controls. Do not access the accounts of others with the intent to read, browse,
      modify, copy or delete files and directories without authorization.
   3. Unauthorized Use of Software – Users should be prohibited from loading any software
      on any computer system (i.e. shareware or freeware software) without approval from the
      system administrator and their supervisor. Users should be expressly prohibited from
      using company computers to make illegal copies of licensed or copyrighted software.
      Copyrighted software must only be used in accordance with its license or purchase
      agreement.
   4. Harassment – Company computer systems are not to be used to harass anyone. This
      includes the use of insulting, sexist, racist, obscene or suggestive electronic mail,
      tampering with others’ files, invasive access to others’ equipment, etc.
   5. Destruction of Records – Instruct employees how to dispose of old manuals and floppy
      disks. This includes shredding and thoroughly erasing floppy disks and removing any
      information that could be used by an outsider to penetrate a company’s computer
      system. Recycle ink and toner cartridges.
   6. Networks – Disallow use of the company-owned network (or other network accessible by
      company computers) for any activity other than company business. This includes surfing
      the Internet, online discussions in newsgroups and bulletin board services, attempting to
      access other computer systems without authorization, posting commercial messages, and
      transmitting viruses, worms, or other invasive software.
   7. Enforcement – Investigate all alleged abuses of computer resources. Each employee must
      be responsible for their own actions. A company has the obligation to ensure that its
      computer resources are used properly and within the guidelines established by the
      company. The company should have access to all electronic files of its employees.
      Limiting the access of guilty employees is appropriate. Refer flagrant abuses to senior
      managers or law enforcement authorities. Extreme cases of flagrant abuse or disregard
      of computer security guidelines may result in termination of employment.
   8. Workplace Monitoring – A company must reserve the right to monitor the computer
      system for signs of illegal or unauthorized activity. (Alexander, 1995b, p. 59)



In conclusion, computer security professionals must be highly trained, continuously updating

their education, and constantly vigilant in order to protect their company from intruders who

would cause them harm. The computer security professional must have integrity and be

trustworthy. The demands made on the individuals entrusted with the responsibility of computer

security are making those individuals increasingly valuable as we become a global community and

marketplace.


                                     References


Alexander, M. (1995b). Make It a Policy to Protect Yourself. Datamation, 41 (22), 59. Retrieved

       May 19, 2008, from http://find.galegroup.com.


Herdman, R. K., & Neary, R. D. (1987a). Planning Your Microcomputer Security Strategy.

       Financial Executive, 3 (4), 9. Retrieved May 19, 2008, from http://find.galegroup.com.


How Much Computer Security. (1992). Across the Board, 29 (2), 12. Retrieved May 19, 2008,

       from http://find.galegroup.com.


Scientists on Cybersecurity. (2002a). Security Management, 46 (4), 38. Retrieved May 19, 2008,

       from http://gind.galegroup.com.


Thackeray, G. (1988a). Computer Security: The Menace is From Inside. The Office, 108 (4),

       45. Retrieved May 19, 2008, from http://find.galegroup.com.


  • 1. COMPUTER SECURITY 1 COMPUTER SECURITY POLICY Ridha Ben Hammouda EVEREST UNIVERSITY-South Orlando Campus
  • 2. Abstract. This paper considers many of the challenges faced by internet security professionals. The risks are the same around the world. This research paper suggests taking a holistic approach to this huge problem.
  • 3. COMPUTER SECURITY POLICY
    Computer security policy needs of industry and government have been a priority since the early 1990s. These policies relate to internet security, firewalls, virus protection and statistical methods of computer security. Internet security professionals around the world face the same risks when it comes to the lack of needed resources to develop and sustain an effective security policy (Waning Security, 1996, p. 3). A holistic approach in computer security policy is needed (Scientists on Cybersecurity, 2002b, p. 38).
    The National Research Council, which advises the government on technology matters, examines cybersecurity issues including the nature of cyberthreats and common causes of system and network problems. The agency has developed some controversial policy recommendations, such as making software and system vendors legally responsible for insecure products and systems (Scientists on Cybersecurity, 2002c, p. 38).
    The security risks posed by microcomputers need to be controlled because microcomputers are being used more frequently in large financial reporting systems. These risks include threats to data integrity, unauthorized information access, and theft. A cost-effective security plan should first identify business assets that need protection and risks from which the assets need to be safeguarded. Controls can then be designed based on the level of exposure to loss. Specific security procedures that can be implemented include (1) policy statements on computer security guidelines, (2) locking devices, (3) password protection, (4) security software such as data
  • 4. encryption programs, and (5) data backup procedures to insure against accidental or intentional destruction of data (Herdman & Neary, 1987b, p. 9).
    Computer security is not always the answer to protecting a computer system. The cost of the system must be weighed against the cost of damages without it. The purposes of security systems, which are to prevent sabotage, protect confidential information and guard against human error or technical failure, must also be considered. Apprehensions about sabotage often come from employee-related or company policy-related problems, and computer security only convinces a saboteur to harm the company in another way. Security systems to protect confidential information are effective, but cannot protect against individuals intent on getting information. Although human error and technical failure cannot be eliminated, preventive measures can be taken. Adequate employee training can minimize human error, while automatic backup of important information is the best safeguard against technical failure (How Much Computer Security, 1992, p. 12).
    Research shows that corporate losses due to poor computer security are more likely to result from error than from fraud. Further, more fraud losses are caused by employees than by outsiders. A proper corporate computer security program takes a team approach, with components including ongoing design, education and enforcement. It should begin with an examination of the kinds of information the company deals with, and should consider the level of protection appropriate to each during every phase of its life and regardless of its location or form. Separation of functions, access controls, audit trails, and regular backup are all essential to effective computer security. A well-documented, well-publicized security policy can help
  • 5. companies comply with new federal and state laws and prosecute violators more effectively (Thackeray, 1988b, p. 45).
    Data security across networks is also an important issue for network administrators. To secure intranetworks, some elements to include in a computer security policy are: (1) permission rules, (2) responsibilities, (3) unauthorized access to files and directories, (4) unauthorized use of software, (5) use of the network in for-profit activities, (6) use of electronic mail, (7) harassment, (8) waste, (9) abuse, (10) theft, (11) enforcement, (12) workplace monitoring, (13) network managers’ responsibilities and (14) the use of the network for non-company tasks (Alexander, 1995b, p. 59).
    Needed computer security procedures should be implemented after, and based on the results of, a preliminary survey, assignment of security project responsibilities, risk analysis, analysis of defenses against security risks, selection of appropriate defenses, implementation of the security measures identified and periodic audit and improvement of the security program, security controls (i.e. detective measures, preventive measures and insurance coverage).
    The following procedures are recommended for application by all internet security professionals:
    1. Permission – Use of computer facilities must be authorized by the owner of the information or by a senior manager. Prior permission to use another user’s computer account or user-ID from the owner of the account should be required. All computer or electronic files are considered private unless the owner has explicitly made them available to others.
    2. Responsibilities – The user is the owner of their data. It is their responsibility to ensure that it is adequately protected against unauthorized access. Keep passwords and accounts confidential; change passwords frequently. Do not leave terminals unattended without logging out first. Do not engage in any activity that is intended to circumvent computer
  • 6. security controls. Do not access the accounts of others with the intent to read, browse, modify, copy or delete files and directories without authorization.
    3. Unauthorized Use of Software – Users should be prohibited from loading any software on any computer system (i.e. shareware or freeware software) without approval from the system administrator and their supervisor. Users should be expressly prohibited from using company computers to make illegal copies of licensed or copyrighted software. Copyrighted software must only be used in accordance with its license or purchase agreement.
    4. Harassment – Company computer systems are not to be used to harass anyone. This includes the use of insulting, sexist, racist, obscene or suggestive electronic mail, tampering with others’ files, invasive access to others’ equipment, etc.
    5. Destruction of Records – Instruct employees on how to dispose of old manuals and floppy disks. Shredding and thoroughly erasing floppy disks removes any information that could be used by an outsider to penetrate a company’s computer system. Recycle ink and toner cartridges.
    6. Networks – Disallow use of the company-owned network (or other network accessible by company computers) for any activity other than company business. This includes surfing the Internet, online discussions in newsgroups and bulletin board services, attempting to access other computer systems without authorization, posting commercial messages, and transmitting viruses, worms, or other invasive software.
    7. Enforcement – Investigate all alleged abuses of computer resources. Each employee must be responsible for their own actions. A company has the obligation to ensure that its computer resources are used properly and within the guidelines established by the company. The company should have access to all electronic files of its employees. Limiting the access of guilty employees is appropriate. Refer flagrant abuses to senior managers or law enforcement authorities. Extreme cases of flagrant abuse or disregard of computer security guidelines may result in termination of employment.
    8. Workplace Monitoring – A company must reserve the right to monitor the computer system for signs of illegal or unauthorized activity. (Alexander, 1995b, p. 59)
    In conclusion, computer security professionals must be highly trained, continuously updating their education, and constantly vigilant in order to protect their company from intruders who would cause it harm. The computer security professional must have integrity and be trustworthy. The demands made on the individuals entrusted with the responsibility of computer security are making those individuals increasingly valuable as we become a global community and marketplace.
  • 7. References
    Alexander, M. (1995b). Make It a Policy to Protect Yourself. Datamation, 41 (22), 59. Retrieved May 19, 2008, from http://find.galegroup.com.
    Herdman, R. K., & Neary, R. D. (1987a). Planning Your Microcomputer Security Strategy. Financial Executive, 3 (4), 9. Retrieved May 19, 2008, from http://find.galegroup.com.
    How Much Computer Security. (1992). Across the Board, 29 (2), 12. Retrieved May 19, 2008, from http://find.galegroup.com.
    Scientists on Cybersecurity. (2002a). Security Management, 46 (4), 38. Retrieved May 19, 2008, from http://gind.galegroup.com.
    Thackeray, G. (1988a). Computer Security: The Menace is From Inside. The Office, 108 (4), 45. Retrieved May 19, 2008, from http://find.galegroup.com.