Instructions

Complete the Security Policy.

1. Add at least one additional policy to each section (General and Security and Proprietary Data Policies)
2. Add at least one additional bullet item under both Unacceptable Use and List of Approved Company Issued USB Devices.
3. Elaborate on Bluetooth, Cellphone and Wifi Policy under the Security and Proprietary Data Policies section.
4. How would you enforce these policies?

Security Policies

General Policies

• Proprietary information stored on company owned or leased assets remains the sole property of the company. This includes information produced by employees or third parties.
• All activity on company owned or leased assets is subject to monitoring, including logs, emails, and instant message conversations.
• USB devices permitted to connect to company owned or leased assets shall be approved by the Security department. USB audio output devices are limited to approved headphones.
• A company owned or leased asset will not be used to process information that may be found to be offensive, or illegal.

Security and Proprietary Data Policies

• Company owned or leased assets must have the most current versions of approved software installed.
• User password must be changed every 60 days.
• User sessions will automatically timeout after 3 minutes of in-activity. Company owned or leased assets that require authentication will screen lock after 60 seconds of inactivity.
• Employees of the company shall submit to usage of two-factor authentication.
• Permission to visit blocked web sites may be obtained with legitimate business need, and after thorough security vetting.
• Bluetooth policy.
• Cellphone policy.
• Wifi policy.

Unacceptable Use

• Using company owned or leased assets for access personal social media, peer to peer file sharing, online shopping, file-sharing (such as dropbox), personal email or computer entertainment is prohibited. Using said assets in a willfully destructive or illegal manner is strictly prohibited.
• Unapproved or unauthorized USB devices are not permitted to be connected to company owned or leased assets.
• USB Headphones are not permitted, use only headphones with a standard audio connector (3.5 mm).

List of Approved Company Issued USB Devices

• Mouse
• Keyboard
• Monitor