The question should always be asked Should this person have access to XYZ and

The question should always be asked should this

This preview shows page 10 - 13 out of 13 pages.

The question should always be asked “Should this person have access to XYZ?” and if 10
Image of page 10
the answer is no then access is prevented. The goal of access control policies is to prevent data from being leaked to an unauthorized individual inside or outside the business. Workstations will be secured by utilizing timeout features that return the station to a screen saver and/or idle screen. The idle screen in question will require the user to input their password to log back in as a result of the inactivity. In addition to this should remote access be required the user must utilize a VPN along with multi-factor authentication. Physical access must be secured for any devices on site such as ID access to secure areas during and outside of business hours. Given the current size of the business enhanced security should suffice to protect assets such as ID access, electronic locks, and video cameras. If anyone that is not an employee wants to gain access to privileged areas it will require written approval from management and be logged prior to the visit. These policies will help ensure only the right individuals have access to the right devices protecting the network and data stored within. User Policies Basic user policies will be put into place for passwords, email, software installation, messaging, and workstation configuration. Passwords should never be written down under any circumstances and should be kept to a minimum complexity standard. Internet use is also important so anything inappropriate will not be accepted for browsing. This includes any illegal activity, business for another job, searching for a new job, shopping or any personal business while on the clock, and finally anything pornographic. Email attachments should also never be opened from an unknown 11
Image of page 11
receiver or co-worker unless the email is digitally signed. Software installation or removal must be approved by the IT department. If for any reason a user requires additional software a request can be submitted and at that point it will be determined if it is required to do their job or will make the job more efficient. Desktop configuration should also be done by the IT department. This includes changing screensavers, backgrounds, and downloading images from the internet. If for any reason these policies are broken the initial incident will result in a verbal warning or possibly more severe based on the incident. Additional incidents will lead to written warnings or a possible termination of employment. 12
Image of page 12
References 1. Anti-Virus Policy. (n.d.). Retrieved from 2. Beaver, K. (n.d.). Check IT List: How to prevent spyware. Retrieved from - spyware 3. Adware. (n.d.). Retrieved from 13
Image of page 13

You've reached the end of your free preview.

Want to read all 13 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes