Security Audit Policy

Only available on StudyMode
  • Download(s) : 64
  • Published : April 23, 2013
Open Document
Text Preview
Computer and Internet-Usage Policy for BPIK, LLC
Computer Investigations and Forensics

Overview
The computer, network and information resources at BPIS, LLC are provided as a means to increase productivity to support the mission of the BPIS, LLC's employees. Usage of computing and networking components by employees of BPIS, LLC should at all times be business related and reflect good judgment in the utilization of shared resources and take heed to the ethical and legal guidelines of society. This document details BPIS, LLC'c acceptable usage of all computing and network resources.

The internet is a ever expanding worldwide network of computers and servers containing millions of pages of information. Users are cautioned that many of these pages include offensive, sexually explicit, and inappropriate material. It is understandable that sometimes it is difficult to avoid contact with said material while using the internet. Often times an innocent web search may lead to web pages with offensive material. Also, the usage of email on the internet may lead to the receipt of unwarranted mail with offensive and/or malicious content.

This document details the employees (hereinafter referred to as “user” or “users”) privileges and responsibility as well as the guidelines and procedures for the responsible use of BPIS, LLC computer system and networks. It was designed to allow for the proper usage and management of these systems, protect company assets, ensure reasonable access, and provide guidelines for accountability. This policy applies not only to BPIS, LLC computers and network, but also to computers and/or devices attached to BPIS, LLC's network in any way.

Definitions
In order to avoid ambiguous language, the following are definitions applied to terms used through this documentation.

A. User – Any employee of BPIS, LLC be it temporary or full time who uses the company's computer or network facilities

B. Authorized User – Anyone who Any one who has been authorized to access the various levels of company resources, computers and network equipment for reasons consistent with the mission of the company and consistent with this policy.

Company Computer Resources – Any computing, network, hardware, or software system purchased and owned by the company

D. Company Network – The network of the company consisting of the physical components such as cables, switches, telecommunications equipment, wireless hubs, Virtual Private Network (VPN), Wireless Access Points (WAP), as well as broadband connections. The company network also includes intangible components such as IP address, directory services, routing, and connectivity to computing resources.

E. Company Network Connection – Any computer or device using an Internet address assigned to the company or that is connected to a physical or wireless access point is considered to be connected to the company network.

F. System Owner – The system owner is the person with the authority to designate or use special access account privileges.

G. System or Network Administrator – The person or persons charged with maintaining the authentication used by the system or network, controlling authorized and unauthorized use, and maintaining system and network integrity and audits.

Internet Usage Overview
The following is an overview of prohibited activities on company computing and networking assets

•E-mail and file transfers are to be for business use only by authorized users

•Use of another users account or access to their personal files without their consent is strictly prohibited.

•Confidential information is not to be transmitted over the Internet without proper encryption.

•All downloaded files or applications are to be scanned for viruses before being saved on the firm's network.

•All downloaded applications must be approved by the firm's IT administrator or company owner before being installed on the network....
tracking img