Security policies and other documents.

Instructor, PACE-IT Program – Edmonds Community College

Areas of expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governors University

B.S., IT Security, Western Governors University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Brian K. Ferrill, M.B.A.

– Security policies.

– Other documents.

Security policies.

Policies are a set of guidelines, established by management, that are used to set the expected behavior in the workplace.

Procedures differ from policies in that a procedure is the set of steps to be taken in a given situation.

Policies and procedures work hand in hand to create a safe and secure work environment in which employees know the guidelines and what is expected of them.

Policies and procedures should be given to every person on the day they start, and periodic training should be conducted to ensure that they remain fresh in everyone’s mind.

– Consent to monitoring.
» A policy that establishes the employer’s right to monitor the employee’s actions and communications. This can include:
• Monitoring emails—if they traverse company equipment in any way, then the emails are not considered private but are actually company assets.
• Monitoring or recording of phone conversations.
• Monitoring activities on computers, drives, and phones.
• In highly secure work environments, it may also include the video monitoring and recording of normal work activities.

– Clean desk policy.
» A policy that is concerned about the handling of sensitive data.
• It should not be left unattended in a workplace and should be put away when not in use.
• Also includes the computer desktop; sensitive data should not be left easily accessible on the PC.

– Recording policy.
» A policy that restricts the use of cameras, tape recorders, portable storage devices, or any other device that may be used to record or copy sensitive workplace information.

– Equipment access policy.
» A security policy that establishes who has access to which equipment and when. Could include access to:
• Server rooms.
• Wiring closets.
• Network racks.

– Handling of user or customer information.
» A policy that establishes how to secure sensitive employee and customer information.
• User and customer information is a major target of hackers when they breach computing systems. The loss of control of this data can severely damage a company.

Any policy that is used to help secure the workplace or company data is, by default, a security policy.

Approximately 80 percent of all network and data breaches occur from within the companies that are attempting to secure the data. Sometimes, they occur by mistake; however, all too often, they are intentional.

All policies should have an enforcement aspect to them that details what employees should expect to happen if they violate the policy. The range of actions can be from retraining to termination and prosecution.

Other documents.

– AUP (acceptable use policy).
» A set of rules and guidelines established by the creator, owner, or administrator of information systems that detail what users may or may not do with that information system.
• It is considered to be a part of the security policy.
• It should be fairly detailed in what is allowed or not allowed to occur.
• All users should be required to sign the policy and these records should be kept on file.

– Network policies.
» A broad range of policies that establish the guidelines for the network. They include policies that control the use and operation of the network, as well as policies on how to implement changes to it.
• Many security policies may fall under the general network policies category.

– Standard business documents.
» Memorandum of understanding (MOU): an agreement between two or more organizations that details how those organizations are to undertake some common course of action.
• Often used before a legally binding agreement has been created.
• Sometimes it is called a letter of intent (LOI).
» Statement of work (SOW): a detailed document that specifies what work is to be performed, the expected outcome or deliverables, and the timelines to perform the work.
• Plays an important role in project management documentation.
» Master license agreement (MLA): a legal agreement between two entities in which one agrees to pay the other for the use of a specific piece of software (or software package) for a specified period of time.
» Service level agreement (SLA): an agreement that details the allowable amount of response time the vendor has to resolve an issue or problem.
• Is most commonly associated with a service contract.

What was covered.

Topic: Security policies.
Summary: Policies are guidelines used to establish the expected behavior in the workplace. Security policies can cover such things as: consent to monitoring, clean desk, recording, access to equipment, and the handling of user or customer information. All policies should establish what the results of disregarding the policy will entail.

Topic: Other documents.
Summary: An AUP establishes what users may or may not do with an information system and is considered to be part of security policies. Network policies encompass a broad range of policies that establish the guidelines for the network. Many security policies fall into the network policy category. Some standard business documents include: the MOU, the SOW, the MLA, and the SLA.

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.