Question

You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5 Million who provides fiber cable to local businesses, individual customers and to government organizations. In the course of the next eight weeks you will be creating your Information Security Plan (Issue-Specific Security Policy in Table 4-3 of the textbook) step by step using this scenario..

Your Task


Step 2: Develop the Authorized Uses section of your ISP

In this week’s Lab you will develop the Authorized Use section of your ISP to include:

Who can use the technology?

Define fair and responsible use.

Explain how the company will protect personal as well as proprietary information.

Include access to company systems from ‘outside connections’ (e.g. – public hotspot)

Answer 1

ANSWER:

Authorized Uses section of your ISP

All employees including the third party contractors, vendors and users with guest access to the network should comply with this Policy.

Access

A user may not attempt an unauthorized access to interfere with the normal functioning or operation or security of the network, system, computing facility, equipment, data or information. A user may not use the service to engage in any activities that may interfere with the ability of other users to access the services on the network.

User will be solely responsible to educate them with the banner mails sent time to time regarding securing your system and network and adhere their system with all the basic securities measures required to be taken.

No user should intentionally or negligently inject malicious data from the internet or other sources in form of incorrect routing or DNS information.

Users agree to use Mahtmarg Manufacturing and service for lawful purposes only. Users will be solely responsible in case of violation of any applicable law or regulation.

Usage Policy & Protecting Information

Transmission, distribution or storage of any material not limited to copyright, trademark, trade secret or other intellectual property right used without proper authorization is prohibited.

Subscribing to mailing list without permission of the email owner is prohibited.

Advertising, transmitting or providing any software or program which violates the Acceptable Usage Policy of any the Mahtmarg Manufacturing or any other service provider is prohibited.

Being involved in activities causing denial of service will result in legal implications

Operating on someone else’s behalf and using his/her credentials will stand the violation of the Policy

Computers and other equipment’s used to access the facilities inside the company should not be left unattended, should always be locked or logged off in not currently used.

Each individual should take care to ensure physical security; no outside equipment’s should be carried inside the company.

Any irresponsible handling of company’s asset or any use which brings disrepute to company is unacceptable.

Any suspectable access or breach should be immediately reported, only licensed software’s should be used and no breach of software licensing agreement is acceptable.

Great care needs to be taken while disposing information, confidential paper waste must be disposed of in accordance with formal company procedures and any electronic information must be securely erased or otherwise rendered inaccessible prior to leaving.

If not sure about the authenticity and validity of request, no request should be acted upon by emails or any other means.