module4 policies&procedures-b

© 2010 – Foreground Security. All rights reserved

Module 4Basic Security Procedures

Module4


IT Policies

Policies provide a common basis for:

–Understanding what “right” looks like

•Equipment

•Programs

•Settings

–Understanding what actions are expected/acceptable

•People have to “know the rules in order to follow them”

•Breaking the rules should have clear consequences

–Understanding who is responsible /allowed to do what:

•“Who ya’ gonna call?”

•“Should the FedEx guy be trying to log-on to the network?”


Your Account Is Only As Secure As It’s Password

• Don't let others watch you log in.

• At home, change your password often.

• Be sure all accounts have passwords at home.

• Don’t write your password on a post-it note or anywhere else (back of badge!).

• Don’t attach it to your video monitor or under the keyboard (Or anywhere else you can think of).


Pick a sentence that reminds you ofthe password. For example:

If my car makes it through 2 years, I'll be lucky (imcmit2y,Ibl) Four score and seven years ago (4S&7ya) Just what I need, another dumb thing to remember! (Jw1n,adttr!)Use Special characters that make it difficult to crack but easy to remember (!=I @=a $=s 0=o or use the space bar)


Password = P@ssw0rd Friendship = Fr13nd+sh1p Lifelong = L!f3l0ng Teddybear = T3ddy^BaRe

Compound Words

Used every day and are easy to remember.Spice them up with numbers and special

characters. Misspell one or both of the words and you'll

get a great password.

Password Construction


Be careful about typing your password into a strange computer.– Anti-virus protection enabled?– Owner trustworthy? Keyboard logger running

to record your keystrokes? – Who was the last person to use that computer?– Do not use the automatic logon feature in

Microsoft.


Passwords


Strong Passwords


IT Policies

Company is developing organization wide policies for Technology Usage. These include:

–Management Access to all information

•Installed to support and conduct business operations

•No expectation of privacy

–Appropriate Use

•Business purposes

•Copyrighted/licensed material in accordance with terms


IT Policies

–Unacceptable Use

•Any illegal activities (including copyright violations)

•Any political or religious lobbying

•Any material that is indecent, objectionable, harassing, etc.

–Privilege of Use

•Not a right, must agree to “Terms of Use”

•Can be withdrawn if misused

–Ownership of information

•Company retains all rights to its information

•Licenses are organizational property.


IT Policies

–Confidential and Sensitive Information

•All employees have responsibility to safeguard information

•Follow security policies

•Participate in periodic security training

–Use by Non-Employees

•Only with explicit permission

•Only in accordance with terms of contract and NDA


IT Policies

–Company Websites

•Considered part of organization’s information

•Only open to Company official business and Company-sponsored events/activities

–Company Wireless Devices (Phones/PDAs)

•Provided to facilitate business operations

•Not a replacement for personal landline

•Users must adhere to all local laws and regulations and are responsible for own actions (especially re: driving!)

•Usage monitored and excessive personal use may result in loss of device or other sanctions


Cell Phone/Bluetooth Security Demonstrations

module4 policies&procedures-b

Documents

policies policies

terms of use

policies unacceptable

privilege of use

policies company websites

policies confidential

great password

password construction