Appendix A: Designing an Acceptable Use Policy

Overview
- Analyzing Risks That Users Introduce
- Designing Security for Computer Use

Lesson 1: Analyzing Risks That Users Introduce
- What Is an Acceptable Use Policy
- Why an Acceptable Use Policy Is Important
- Common Vulnerabilities That Users Introduce

What Is an Acceptable Use Policy?

An acceptable use policy regulates how users may use a network. It determines:
- User behavior
- Computers and applications usage
- Network resource usage

Diagram labels: Policy; Users; Computers; Applications; Network and Internet Resources.

Why an Acceptable Use Policy Is Important

Attacker: External
Threat: User indiscretion
Example: An employee leaves her portable computer at home unattended and unlocked. Her child deletes critical files from the corporate network.

Attacker: Internal
Threat: Unsupported application
Example: An employee installs an unauthorized application with known vulnerabilities on a computer that is connected to the corporate network. An attacker exploits the vulnerability to attack the network.

Common Vulnerabilities That Users Introduce

Area: Confidential information
- Public discussion of confidential data
- Weak passwords

Area: Computers and applications
- Theft or loss of computer
- Unsupported or unapproved applications

Area: Network
- Personal use of network
- Misuse of remote access accounts

Area: Internet access
- Personal use of the Internet
- Exposure of the network to malicious, offensive, or illegal content

Lesson 2: Designing Security for Computer Use
- Process for Designing an Acceptable Use Policy
- Guidelines for Acceptable Use for Users
- Guidelines for Acceptable Use of Computers and Applications
- How to Design Acceptable Use of a Network
- How to Design Acceptable Use of Internet Access
- Security Policy Checklist

Process for Designing an Acceptable Use Policy

When planning an audit policy, you must:
1. Identify vulnerabilities that users introduce.
2. Determine how much access to grant users.
3. Create clear and concise acceptable use policies.
4. Gather feedback on proposed policies.
5. Revise policies based on feedback and create detailed procedures before implementing the policies.

Guidelines for Acceptable Use for Users

The following guidelines help create an acceptable use policy:
- Define how users share and discuss information.
- Educate users about how to create strong passwords.
- Limit the use of an account to one individual.
- Grant local administrator rights only when necessary.
- Prohibit users from sharing accounts and passwords.

Guidelines for Acceptable Use of Computers and Applications

Resource: Computers. Define:
- Intended and prohibited use of workstations
- Authorized operating systems and necessary patches
- Baseline security measures for workstations
- Guidelines for physical security of workstations
- Data that can be stored on workstations

Resource: Applications. Define:
- Required applications
- Optional applications
- Prohibited applications

How to Design Acceptable Use of a Network

For network resources, define:
- Computers that can access the network.
- Rules that determine user access to internal resources.
- Methods and restrictions for storing data.
- Use of remote access.

How to Design Acceptable Use of Internet Access

Define policies for how users use Internet services, such as:
- Web browsing
- Instant messaging
- File sharing programs

Security Policy Checklist

Create policies and procedures for acceptable use of:
- Computers and applications.
- Access to the network.
- Internal network applications and resources.
- Internet applications and resources.