Question

You have been asked to audit your company security plan as it applies to acceptable employee use of the Internet and e-mail. Write a preliminary audit plan, including scope, objectives, and audit steps.

Answer 1

An internet usage policy provides employees with rules and guidelines about the appropriate use of company equipment, network and Internet access. Having such a policy in place helps to protect both the business and the employee; the employee will be aware that browsing certain sites or downloading files is prohibited and that the policy must be adhered to or there could be serious repercussions, thus leading to fewer security risks for the business as a result of employee negligence. The Internet Usage Policy is an important document that must be signed by all employees upon starting work. Below is a Sample Internet Usage Policy that covers the main points of contention dealing with Internet and computer usage. The policy can then be tailored to the requirements of the specific organization.

Internet usage policy

This Sample Internet Usage Policy applies to all employees of who have access to computers and the Internet to be used in the performance of their work. Use of the Internet by employees of is permitted and encouraged where such use supports the goals and objectives of the business. However, access to the Internet through is a privilege and all employees must adhere to the policies concerning Computer, Email and Internet usage. Violation of these policies could result in disciplinary and/or legal action leading up to and including termination of employment. Employees may also be held personally liable for damages caused by any violations of this policy. All employees are required to acknowledge receipt and confirm that they have understood and agree to abide by the rules hereunder.

Computer, email and internet usage

• Company employees are expected to use the Internet responsibly and productively. Internet access is limited to job-related activities only and personal use is not permitted
• 
  
• Job-related activities include research and educational tasks that may be found via the Internet that would help in an employee's role
• 
  
• All Internet data that is composed, transmitted and/or received by computer systems is considered to belong to and is recognized as part of its official data. It is therefore subject to disclosure for legal reasons or to other appropriate third parties
• 
  
• The equipment, services and technology used to access the Internet are the property of and the company reserves the right to monitor Internet traffic and monitor and access data that is composed, sent or received through its online connections
• 
  
• Emails sent via the company email system should not contain content that is deemed to be offensive. This includes, though is not restricted to, the use of vulgar or harassing language/images
• 
  
• All sites and downloads may be monitored and/or blocked by if they are deemed to be harmful and/or not productive to business
• 
  
• The installation of software such as instant messaging technology is strictly prohibited
• 
  
• 
  

Unacceptable use of the internet by employees includes, but is not limited to:

• Sending or posting discriminatory, harassing, or threatening messages or images on the Internet or via email service
• 
  
• Using computers to perpetrate any form of fraud, and/or software, film or music piracy
• 
  
• Stealing, using, or disclosing someone else's password without authorization
• 
  
• Downloading, copying or pirating software and electronic files that are copyrighted or without authorization
• 
  
• Sharing confidential material, trade secrets, or proprietary information outside of the organizatio
• 
  
• Hacking into unauthorized websites
• 
  
• Sending or posting information that is defamatory to the company, its products/services, colleagues and/or customers
• 
  
• Introducing malicious software onto the company network and/or jeopardizing the security of the organization's electronic communications systems
• 
  
• Sending or posting chain letters, solicitations, or advertisements not related to business purposes or activities
• 
  
• Passing off personal views as representing those of the organization
• 
  
• 
  

If an employee is unsure about what constituted acceptable Internet usage, then he/she should ask his/her supervisor for further guidance and clarification

All terms and conditions as stated in this document are applicable to all users of network and Internet connection. All terms and conditions as stated in this document reflect an agreement of all parties and should be governed and interpreted in accordance with the policies and procedures mentioned above. Any user violating these policies is subject to disciplinary actions deemed appropriate by .

User compliance

I understand and will abide by this Sample Internet Usage Policy. I further understand that should I commit any violation of this policy, my access privileges may be revoked, disciplinary action and/or appropriate legal action may be taken.

_________________             ______________
Employee signature                Date

The regulations mentioned in this sample internet usage policy are covered by GFI WebMonitor and any breaches of the policy can be addressed by the network administrator, who is given control to oversee what downloads and site browsing is occurring on the network and the Internet within the workplace, through a user-friendly interface.

Moreover, administrators have the ability to block sites and control downloads in real-time with GFI WebMonitor's categorization and filtering ability that covers over 165 million websites, making it the ideal companion to an effective Internet Usage Policy.