Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.


1 Appendix A: Designing an Acceptable Use Policy

2 Overview
- Analyzing Risks That Users Introduce
- Designing Security for Computer Use

3 Lesson 1: Analyzing Risks That Users Introduce
- What Is an Acceptable Use Policy
- Why an Acceptable Use Policy Is Important
- Common Vulnerabilities That Users Introduce

4 What Is an Acceptable Use Policy?
An acceptable use policy regulates how users may use a network. It determines:
- User behavior
- Computers and applications usage
- Network resource usage
[Diagram: Policy; Users; Computers; Applications; Network and Internet Resources]

5 Why an Acceptable Use Policy Is Important
[Diagram: External Attacker; Internal Attacker]
Attacker: External
- Threat: User indiscretion
- Example: An employee leaves her portable computer at home unattended and unlocked. Her child deletes critical files from the corporate network.
Attacker: Internal
- Threat: Unsupported application
- Example: An employee installs an unauthorized application with known vulnerabilities on a computer that is connected to the corporate network. An attacker exploits the vulnerability to attack the network.

6 Common Vulnerabilities That Users Introduce
Area: Confidential information
- Public discussion of confidential data
- Weak passwords
Area: Computers and applications
- Theft or loss of computer
- Unsupported or unapproved applications
Area: Network
- Personal use of network
- Misuse of remote access accounts
Area: Internet access
- Personal use of the Internet
- Exposure of the network to malicious, offensive, or illegal content

7 Lesson 2: Designing Security for Computer Use
- Process for Designing an Acceptable Use Policy
- Guidelines for Acceptable Use for Users
- Guidelines for Acceptable Use of Computers and Applications
- How to Design Acceptable Use of a Network
- How to Design Acceptable Use of Internet Access
- Security Policy Checklist

8 Process for Designing an Acceptable Use Policy
When planning an audit policy, you must:
1. Identify vulnerabilities that users introduce.
2. Determine how much access to grant users.
3. Create clear and concise acceptable use policies.
4. Gather feedback on proposed policies.
5. Revise policies based on feedback and create detailed procedures before implementing the policies.

9 Guidelines for Acceptable Use for Users
The following guidelines help create an acceptable use policy:
- Define how users share and discuss information.
- Educate users about how to create strong passwords.
- Limit the use of an account to one individual.
- Grant local administrator rights only when necessary.
- Prohibit users from sharing accounts and passwords.

10 Guidelines for Acceptable Use of Computers and Applications
Resource: Computers. Define:
- Intended and prohibited use of workstations
- Authorized operating systems and necessary patches
- Baseline security measures for workstations
- Guidelines for physical security of workstations
- Data that can be stored on workstations
Resource: Applications. Define:
- Required applications
- Optional applications
- Prohibited applications

11 How to Design Acceptable Use of a Network
For network resources, define:
- Computers that can access the network.
- Rules that determine user access to internal resources.
- Methods and restrictions for storing data.
- Use of remote access.

12 How to Design Acceptable Use of Internet Access
Define policies for how users use Internet services, such as:
- Web browsing
- E-mail
- Instant messaging
- File sharing programs

13 Security Policy Checklist
Create policies and procedures for acceptable use of:
- Computers and applications.
- Access to the network.
- Internal network applications and resources.
- Internet applications and resources.

