Rules of Behavior

Anonymous
Asked: Apr 23rd, 2017

Question description

3-2 Assignment: Rules of Behavior

The CISO reaches out to you again and complains about the interns who appear to be violating many security policies. They do not lock their workstations, download illegal music, connect their personal devices to the organization’s computers, spend too much time on social media, and even download pornography to the organization’s computers. The CISO asks you to address these violations by developing a security document (Rules of Behavior) stating at least 15 rules about what activities employees are not allowed to conduct on the network.

See the Department of Justice Rules of Behavior template as a sample. Additionally, write three supplementary paragraphs to discuss what types of training should occur in order to keep these violations from occurring in the future. How can you proactively strive for compliance with these behaviors?

(If link does not work - download file: Sample_Rules_of_Behavior-Computer_Use.pdf)


For additional details, please refer to the Module Three Assignment Rubric document in the Assignment Guidelines and Rubrics section of the course.

SAMPLE RULES OF BEHAVIOR GOVERNING COMPUTER USE

Trustees must have rules governing the use of the trustee’s computer system by the trustee’s employees. These rules should explain the employee’s responsibilities as a user and the penalties for noncompliance. The section on user responsibilities should at a minimum include the following:

General:

1. Use trustee information systems for lawful, official use and authorized purposes in accordance with current guidelines.
2. Do not generate or send offensive or inappropriate e-mail messages, images, or sound files. Limit distribution of email to only those who need to receive it.
3. Do not open emails from suspicious sources and do not visit untrusted web sites.
4. Protect and safeguard all trustee information, including personally identifiable information (PII), per the sensitivity and value of the data at risk, from unauthorized access, unauthorized or inadvertent modification, disclosure, destruction, denial of service, improper sanitization or use, in accordance with applicable policy, practices, and procedures.
5. Report known or suspected security incidents (including loss of PII) upon discovery of the incident to the trustee.
6. Encrypt all trustee data on transportable/mobile computers (including laptops) and removable media which contains sensitive information.
7. Use only authorized media storage devices. Download files only from known and reliable sources and use virus-checking procedures prior to use.
8. Screen-lock or log off your computer when leaving the work area and log off when departing for the day.

Passwords:

9. Change passwords at least every 90 days or more often if compromised or if directed by your supervisor; choose a password at least 8 characters in length; and use at least 3 of the following 4 characters: upper case letters, lower case letters, numbers, and/or special characters.
10. Do not share passwords with anyone.

Hardware:

11. Do not add, modify, or remove hardware accessories or networks to a computer.

Software:

12. Comply with terms of software licenses and only use licensed and authorized software.
13. Do not install any software.
14. Do not change any configurations and/or settings of the operating system and security-related software without advance approval.
15. Do not attempt to access any electronic audit trails that may exist on the computer unless specifically authorized to do so.

I acknowledge receipt of these Rules of Behavior and understand my responsibilities as identified above. This includes my responsibility to ensure protection of PII that I may handle.

______________________________________ Signature
______________________ Date
_____________________________________ Printed Name
