Security policies and other documents

Security policies
and other
documents.

Instructor, PACE-IT Program – Edmonds Community College
Areas of expertise Industry Certifications
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

PACE-IT.
– Security policies.
– Other documents.

Security policies and other documents.

Policies are a set of
guidelines, established by
management, that are used
to set the expected behavior
in the workplace.
Procedures are different than policies, in that a procedure
is the set of steps required to be taken in a given situation.
Policies and procedures work hand in hand to create a
safe and secure work environment in which employees
know the guidelines and what is expected of them.
Policies and procedures should be given to every person
on the day they start, and periodic training should be
conducted to ensure that they remain fresh in everyone’s
mind.

– Consent to monitoring.
» A policy that establishes the employer’s right to monitor the
employee’s actions and communications. This can include:
• Monitoring emails—if they traverse company equipment in
any way, then the emails are not considered private but are
actually company assets.
• Monitoring or recording of phone conversations.
• Monitoring activities on computers, drives, and phones.
• In highly secure work environments, it may also include the
video monitoring and recording of normal work activities.
– Clean desk policy.
» A policy that is concerned about the handling of sensitive data.
• It should not be left unattended in a workplace and should be
put away when not in use.
• Also includes the computer desktop; sensitive data should not
be left easily accessible on the PC.

– Recording policy.
» A policy that restricts the use of cameras, tape recorders,
portable storage devices, or any other device that may be used
to record or copy sensitive workplace information.
– Equipment access policy.
» A security policy that establishes who has access to which
equipment and when. Could include access to:
• Server rooms.
• Wiring closets.
• Network racks.
– Handling of user or customer information.
» A policy establishes how to secure sensitive employee and
customer information.
• User and customer information is a major target of hackers
when they breach computing systems. The loss of control of
this data can severely damage a company.

Any policy that is used to
help secure the workplace or
company data is, by default,
a security policy.
Approximately 80 percent of all network and data
breaches occur from within the companies that are
attempting to secure the data. Sometimes, they
occur by mistake; however, all too often, they are
intentional.
All policies should have an enforcement aspect to
them that details what employees should expect to
happen if they violate the policy. The range of
actions can be from retraining to termination and
prosecution.

– AUP (acceptable use policy).
» A set of rules and guidelines established by the creator, owner,
or administrator of information systems that detail what users
may or may not do with that information system.
• It is considered to be a part of the security policy.
• It should be fairly detailed in what is allowed or not allowed to
occur.
• All users should be required to sign the policy and these
records should be kept on file.
– Network policies.
» A broad range of policies that establish the guidelines for the
network. They include policies that control the use and
operation of the network, as well as policies on how to
implement changes to it.
• Many security policies may fall under the general network
policies category.

– Standard business documents.
» Memorandum of understanding (MOU): an agreement
between two or more organizations that details how those
organizations are to undertake some common course of action.
• Often used before a legally binding agreement has been
created.
• Sometimes it is called a letter of intent (LOI).
» Statement of work (SOW): a detailed document that specifies
what work is to be performed, the expected outcome or
deliverables, and the timelines to perform the work.
• Plays an important role in project management
documentation.
» Master license agreement (MLA): a legal agreement between
two entities in which one agrees to pay the other for the use of
a specific piece of software (or software package) for a
specified period of time.
» Service level agreement (SLA): an agreement that details the
allowable amount of response time the vendor has to resolve
an issue or problem.
• Most commonly is associated with a service contract.

Policies are guidelines used to establish the expected behavior in the
workplace. Security policies can cover such things as: consent to
monitoring, clean desk, recording, access to equipment, and the handling of
user or customer information. All policies should establish what the results
of disregarding the policy will entail.
Topic
Security policies.
Summary
An AUP establishes what users may or may not do with an information
system and is considered to be part of security policies. Network policies
encompass a broad range of policies that establish the guidelines for the
network. Many security policies fall into the network policy category. Some
standard business documents include: the MOU, the SOW, the MLA, and
the SLA.
Other documents.

This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.

Security policies and other documents

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Security policies and other documents

Similar to Security policies and other documents (20)

More from Pace IT at Edmonds Community College

More from Pace IT at Edmonds Community College (20)

Recently uploaded

Recently uploaded (20)

Security policies and other documents