DOCSLIB.ORG

Corporate Users

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Corporate Users East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS ALL NETWORK USERS All Council employees including Teachers, Elected Members and Community Representatives All Network Users v1.1.7 Page 1 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS Title Page Number 1 - Contents Page 2 2 - Document Control 3 2.1 - Version History 3 3 - Introduction 3 3.1 - Overview 3 4 - Acceptable Use Policy 4 4.1 - General Policy 4 4.2 - Internet Usage 5 4.3 - Email Usage 6 4.4 - Telephone Usage 7 4.5 - Word Processing And Other Software 8 5 - Privacy & Monitoring 9 5.1 - Overview 9 5.2 - Internet Monitoring 10 5.3 - Email Monitoring 11 5.4 - Telephone Monitoring 12 6 – Responses To Breaches Of Policy 13 6.1 - Overview 13 7 - Housekeeping 14 7.1 - Recommendations 14 7.2 - Password Selection 15 7.3 - Trojans, Virii & Spyware 15 7.4 - Security & Asset Security 16 7.5 - HP iPaq Security 17 7.6 - USB Flash Drives 17 Appendix I : Internet Content Filter Categories 19 Appendix II : Email Content Filter Categories 20 Appendix III : Telephony Charges 21 Appendix IV : Acceptance & Declaration 22 All Network Users v1.1.7 Page 2 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS 2 Document Control 2.1 Version History Author Date Version Approved By Date Approved Ian Aston 27/06/07 1.1.7 Malcolm Roulston 30/06/07 3 Introduction 3.1 Overview The internet, email and telephony are essential tools, however, their use can expose the Council to technical, commercial and legal risks if they are not used sensibly. The aim of this policy is to: Provide guidance on use of the internet, email and telephony at work to minimise East Ayrshire Council‟s exposure to these risks Explain what users can and cannot do Provide information on all monitoring systems in use Explain the consequences for users and East Ayrshire Council if users fail to follow the rules set out in this policy Provide basic housekeeping guidelines and recommendations This document has been created in order to protect East Ayrshire Council, and all users, from the following risks relating to its network resources: User Productivity East Ayrshire Council allows personal use of its network resources. This activity is restricted to meal breaks, periods before or after the normal working day and teachers‟ non-class contact time. Users must follow the same restrictions with regards to „appropriate use‟ as and when they are using network resources for business or educational reasons Enhance Network Bandwidth All Network Users v1.1.7 Page 3 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS Non-productive sites and emails consume a significant amount of bandwidth. When users download large graphics, audio clips, movie clips or other non-work related information, it puts a drain on the Council‟s limited bandwidth which is an expensive resource. Eventually this causes a slowdown in network performance which impacts other users attempting to complete work related tasks via the internet Reduce Legal Liability This Acceptable Use Policy must be followed to protect the Council and all users from legal liability relating to internet, email and telephony use Reduce Reputational Risk This Acceptable Use Policy must be followed to protect the Council‟s reputation. Your use of the internet, email and telephony should not have a negative impact on the Council in any way It is important that all users read this policy very carefully. Breaches of this policy will be taken very seriously. If there is anything in this policy that users do not understand it is up to them to contact their line manager / supervisor / head teacher for an explanation. 4 Acceptable Use Policy 4.1 General Acceptable Use Policy The provision by the Council of ICT facilities such as the internet, email and telephony is specifically for its business and educational purposes. As indicated by this policy the Council recognises the importance of supporting a balance between work and personal life and so responsible personal use of ICT facilities is acceptable. Any such use must remain consistent with this policy at all times. Inappropriate or malicious use of East Ayrshire Council‟s resources include: All Network Users v1.1.7 Page 4 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS Inappropriate use or sharing of East Ayrshire Council IT privileges or resources (such as logon account information, access to PC, access to printer etc) Unauthorised changing of another user‟s password or access rights Violations of or infringes on the rights of any other person, including the right to privacy Creating or transmitting defamatory, false, inaccurate or otherwise biased material Using an East Ayrshire Council resource to actively engage in displaying, procuring or transmitting material that is in violation of sexual harassment policy or laws, hostile workplace laws or other legal policies Transmitting of customer, partner or other business or educational confidential data Distributing, disseminating or storing images, text or materials that might be considered indecent, pornographic, profane, threatening, racially offensive, abusive, obscene, terrorist or illegal Undertaking deliberate activities that waste user effort or networked resources e.g. streaming news; storing MP3 files on network drives; global email advertising sale of personal items Any activity that restricts or inhibits other users from using the system or the efficiency of computer systems Any communication that encourages the use of controlled substances Any communication that uses the system for the purpose of criminal intent The installation of applications without prior approval The use of internet chat applications (eg/ MSN Messenger) Introducing any form of computer virus onto the network Users may not illegally copy material protected under copyright law or make that material available to others for copying 4.2 Internet Usage East Ayrshire Council has a policy for the use of the internet whereby users must ensure that they: Use the internet in an acceptable manner Do not create unnecessary business risks to the Council by their misuse of the internet Unacceptable Behaviour All Network Users v1.1.7 Page 5 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS In particular, the following examples are deemed unacceptable use of the internet: Visiting internet sites that contain obscene, hateful or pornographic material Using the computer to perpetrate any form of fraud, software or music piracy Using the internet to send offensive or harassing material to other users Accessing or downloading copyrighted information in a way that violates the copyright Downloading commercial software or any copyrighted materials belonging to third parties, unless this download is covered or permitted under a commercial agreement or other such license Hacking or attempting to hack into unauthorised areas Undertaking deliberate activities that waste user‟s effort or networked resources Use of Peer to Peer File Sharing Applications, including applications to download and share music or videos over the internet If users inadvertently access inappropriate material they should inform their line manager / supervisor / head teacher immediately. This information should then be relayed to the ICT Security Manager. When entering an internet site always read and comply with the terms and conditions governing its use. Users should exercise extreme caution if conducting financial transactions or disclosing personal information over the internet and are reminded that the Council will not be responsible for any damages or loss that they may suffer. Users should be aware that instant messaging is specifically forbidden (applications including, but not restricted to : MSN Messenger, AOL Instant Messenger, Yahoo Messenger etc). 4.3 Email Usage East Ayrshire Council has a policy for the use of email whereby users must ensure that they: Use email in an acceptable way Do not create unnecessary business risks to the Council by their misuse of the email system All Network Users v1.1.7 Page 6 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS Email is the principal communication method by which the Council conducts business. Given its importance to the business, users are expected to adhere strictly to the policy. Unacceptable Behaviour In particular, the following examples are deemed unacceptable use of email: Use of the Council communications system to set up personal businesses Use of the Council communications system to send chain letters Forwarding of Council confidential data to external locations, this includes personal email accounts. If a role dictates that a user must transfer confidential material offsite, users must do so using an encrypted USB flash drive (see section 7.6 for additional information) Transmitting copyrighted information in a way that violates the copyright Breaking into the system or unauthorised use of a password / mailbox Broadcasting unsolicited personal views on social, political, religious or other non-business related matters Transmitting unsolicited commercial or advertising material Give rise to an unauthorised contractual commitment on behalf of the Council Users should think twice before giving out their east-ayrshire.gov.uk (or indeed any) email address. Special regard should be given to entering it on a website or some form of “discussion list”. Users should be mindful of the reputation of the organisation that they are dealing with, for instance, by deciding whether or not they have been established for some time. 4.4 Telephone Usage (including mobiles and faxes) Business Use - users of the Council's telephone systems are authorised to use the telephone system in support of their individual duties, departmental and service needs.
Load more

Recommended publications
  • Comptia® Advanced Security Practitioner (CASP) CAS-003 Cert Guide
    CompTIA® Advanced Security Practitioner (CASP) CAS-003 Cert Guide Robin Abernathy Troy McMillan 800 East 96th Street Indianapolis, Indiana 46240 USA CompTIA® Advanced Security Practitioner (CASP) CAS-003 Editor-In-Chief Cert Guide Mark Taub Copyright © 2018 by Pearson Education, Inc. Product Line Manager All rights reserved. No part of this book shall be reproduced, stored in Brett Bartow a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from Acquisitions Editor the publisher. No patent liability is assumed with respect to the use of the Michelle Newcomb information contained herein. Although every precaution has been taken in Development Editor the preparation of this book, the publisher and author assume no respon- Ellie Bru sibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Managing Editor ISBN-13: 978-0-7897-5944-3 Sandra Schroeder ISBN-10: 0-7897-5944-6 Project Editor Library of Congress Control Number: 2018932405 Mandie Frank 01 18 Copy Editor Kitty Wilson Trademarks All terms mentioned in this book that are known to be trademarks or ser- Indexer vice marks have been appropriately capitalized. Pearson IT Certifi cation Ken Johnson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service Proofreader mark. Debbie Williams Windows is a registered trademark of Microsoft Corporation. Technical Editors Chris Crayton Warning and Disclaimer Every effort has been made to make this book as complete and as accurate Publishing Coordinator as possible, but no warranty or fi tness is implied.
    [Show full text]
  • USB Flash Drive - Wikipedia, the Free Encyclopedia
    USB flash drive - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/USB_flash_drive USB flash drive From Wikipedia, the free encyclopedia A USB flash drive consists of a flash memory data storage device integrated with a USB (Universal Serial Bus) USB Flash Drive interface. USB flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g (1 oz).[1] Storage capacities in 2010 can be as large as 256 GB[2] with steady improvements in size and price per capacity expected. Some allow 1 million write or erase cycles[citation needed] and offer a 10-year[citation needed]shelf storage time.[3][4] USB flash drives are often used for the same purposes for which floppy disks or CD-ROMs were used. They are smaller, faster, have thousands of times more capacity, and are more durable and reliable because of their lack of moving parts. Until approximately 2005, most desktop and laptop computers were supplied with floppy disk drives, but floppy disk drives have been abandoned in favor of USB ports. USB Flash drives use the USB mass storage standard, supported natively by modern operating systems such as SanDisk Cruzer Micro is a brand of USB flash drives Linux, Mac OS X, Windows, and other Unix-like systems. USB drives with USB 2.0 support can store more data and transfer faster than a much larger optical disc drives like CD-RW or DVD-RW drives and can be read by many other systems such as the Xbox 360, PlayStation 3, DVD players and in some upcoming mobile smartphones.
    [Show full text]
  • USB Flash Drive - Wikipedia, the Free Encyclopedia
    USB flash drive - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/USB_flash_drive USB flash drive From Wikipedia, the free encyclopedia A USB flash drive is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface. USB flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 grams (1.1 oz). [1] As of September 2011, drives of up to 256 gigabytes (GB) are available. [2] A one-terabyte (TB) drive was unveiled at the 2013 Consumer Electronics Show and will be available during 2013. [3] Storage capacities as large as 2 TB are planned, with steady SanDisk Cruzer Micro, a brand of [4] improvements in size and price per capacity expected. Some allow USB flash drives up to 100,000 write/erase cycles, depending on the exact type of memory chip used, and a 10-year shelf storage time.[5][6][7] USB flash drives are often used for the same purposes for which floppy disks or CD-ROMs were used, i.e., for storage, back-up and transfer of computer files. They are smaller, faster, have thousands of times more capacity, and are more durable and reliable because they have no moving parts. Until about 2005, most desktop and laptop computers were supplied with floppy disk drives in addition to USB A Kingston card reader which accepts ports, but floppy disk drives have been abandoned due to their age Micro SD memory cards (Transcend and due to USB flash drives' growing popularity.
    [Show full text]
  • Contributors
    Volume 21 - (Q4/2009) “Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.” Kevin Mitnick Contributors MyCERT 4th Quarter 2009 Summary Report Guide to Motion Compensation Application Of Cryptography CyberSecurity Malaysia (Phase Correlation and Vector Assignment) By Liyana Chew Bt Nizam Chew & By Mohamad Faizal Bin Kheli Kuzzaman Norhayati Binti Aziz & Nor Azeala Binti Mohd Yusof USB Port: A culprit to ICT Security? [email protected] [email protected] By Zarina Musa [email protected] [email protected] Elliptic Curve Cryptography [email protected] By Norul Hidayah & EnCase 101: How EnCase Looks at the Time Nik Azura Common Criteria and National Cyber Security of the Evidence File [Part 2] [email protected] By Norahana Salimin By Lee Hui Jing [email protected] [email protected] [email protected] Cyberdating: How to Have Fun but Stay Safe Improving Organizational Sustainability Flash Memory: SLC and MLC By Muralidharon Through Information Security By Hafizullah Fikrie (DF) [email protected] By Maslina Daud [email protected] [email protected] Know Your WZC and PNL Threats By Abdul Fuad Abdul Rahman Pengurusan Krisis Jamin Kesinambungan Urusan [email protected] By Nazhalina Nazri [email protected] Importance of Global IMD Report and CyberSecurity Malaysia Razman Azrai [email protected] e-Security | CyberSecurity Malaysia | Volume 1721 - (Q4/2008)(Q4/2009) KDN License number PP 15526/10/2010 (025827) 2. From the Editor’s Desk A Message from the Head [email protected] of CyberSecurity Malaysia Hello to all readers, It’s the fourth quarter of 2009 and we are back with lots of interesting articles.
    [Show full text]
  • LR8400-20 LR8401-20 LR8402-20 MEMORY Hilogger
    Instruction Manual LR8400-20 LR8401-20 LR8402-20 MEMORY HiLOGGER July 2014 Revised edition 7 LR8400B980-07 14-07H Shop for Power Metering products online at: www.PowerMeterStore.com 1.888.610.7664 HiLogger Firmware Version Information and Upgrades LAN communication is available with HiLogger firmware version 1.20 and later. (The release date for version 1.20 is June, 2010.) The HiLogger firmware version is displayed at the upper right on the System screen. The latest version can be downloaded from Hioki’s website. Please visit our company’s website or contact your dealer or Hioki representative for the version upgrade procedure. Shop for Power Metering products online at: www.PowerMeterStore.com 1.888.610.7664 i Contents Contents 1 Introduction ..............................................................................1 Confirming Package Contents ................................................2 2 Safety Information....................................................................3 Operating Precautions.............................................................6 Chapter 1 Overview ____________________________________13 1.1 Product Overview and Features .............................13 1.2 Measurement Flow ..................................................14 1.3 Names and Functions of Parts, Screen Configurations .........................................................16 1.4 Basic Operation .......................................................22 Screen Operations (changing settings, scrolling waveforms, and displaying values)
    [Show full text]
  • Happy New Year! Happy New Year! 1 the UTRGV Information Security Office (ISO) Would Like to Wish You and Your Families a Security Highlights 2 Happy New Year
    ISO NEWSLETTER www.utrgv.edu/is VOLUME 1, ISSUE 1II JANUARY 19, 2017 INSIDE THIS ISSUE: Happy New Year! Happy New Year! 1 The UTRGV Information Security Office (ISO) would like to wish you and your families a Security Highlights 2 happy New Year. Hopefully one of your new years resolution will involve information security at home and work, in the instance that you have not added this to your list don’t worry there is still What to expect this plenty of time. semester Data privacy The ISO would also like to share a few security tips and hopefully you will share them with day 3 friends and family. National Stalk- ing Awareness Month Some basic security reminders to help 4. Change your passwords regular- you start the year: ly: UTRGV passwords must be ISO Spotlight 1. Beware of Tax Scams! The IRS saw changed at least yearly, but you can change it more often if need- UTRGV Senior an approximate 400 percent surge in 4 ed. Follow this tip for your banking Information phishing and malware incidents in the Security Analyst 2016 tax season. (www.irs.gov/uac/ and social media accounts! tax-scams-consumer-alerts) 5. Start organizing your passwords Featured Article 5 2. System & Data Backups: Ensure you with a password manager (e.g., backup important documents, irre- www.lastpass.com) where you can ISO Guest 6 placeable pictures and videos. Do not easily remember your password and let hardware failure, malware or everything is kept secure. ISO Campaigns 8 cryptoware get your data. Cloud 6.
    [Show full text]
  • Zabezpieczenie Danych Na Pendrive
    Zabezpieczenie danych na Pendrive Jedną z korzyści wprowadzenia nowej ustawy o ochronie danych osobowych (RODO) jest rosnąca świadomość użytkowników, jak ważne mogą być dane przechowywane na komputerach i jak ważne jest ich odpowiednie zabezpieczenie. Oprócz zabezpieczenia komputerów stacjonarnych oraz laptopów ważne jest, aby mieć świadomość, że kolejnym słabym ogniwem w bezpieczeństwie danych mogą być dyski przenośne i pendrivy. Pendrivy często są wykorzystywane do przechowywania kopii plików, które wykorzystujemy w bieżącej pracy, często też się zdaża, że zawierają one dane osobowe, które powinny być chronione. Poniżej przedstawiam trzy sposoby na ochronnę danych, zwracając uwagę na wady i zalety każdego z rozwiązań. 1 sposób – ochrona sprzętowa Najprostszym sposobem jest zakup urządzeń, które mają wbudowane odpowiednie zabezpieczenia. Przykładem takiego pendrive może być urządzenie Kingston DataTraveler Vault Privacy 8GB USB 3.0 256bit AES Encrypted. Jest to pendrive, który posiada wbudowane mechanizmy szyfrujące blokujące dostęp do zawartości hasłem. zalety sprzętowe rozwiązanie wbudowane w urządzenie możliwość pracy w trybie do odczytu możliwość dokupienia ochrony antywirusowej brak konieczności stosowania dodatkowego oprogramowania automatyczne blokowanie i formatowanie po wpisaniu 10 razy błędnego hasła wady wysoka cena w stosunku do pojemności 2 sposób – Bitlocker Ten sposób jest równie prosty co pierwszy, niestety jego zastosowanie jest ograniczone. Funkcja Bitlocker została wbudowana przez firmę Microsoft w system operacyjny Windows od wersji 7 do 10, również w rozwiązaniach serwerowych. Funkcja ta pozwala na zaszyforwanie dysków komputera, dysków przenośnych oraz pendrive. Niestety, największą wadą tego rozwiązania jest ograniczenie funkcjonalności do wersji Windows Pro oraz Enterprise, oznacza to, że użytkownicy posiadający system w wersji Windows Home nie mogą szyfrować ai odczytywać dysków zabezpieczonych funkcją Bitlocker.
    [Show full text]
  • Winsetupfromusb - Install Windows XP from USB Flash Drive Published November 15, 2008 Guides Tags: Windows XP, Winsetupfromusb
    WinSetupFromUSB - Install Windows XP from USB Flash Drive Published November 15, 2008 Guides Tags: Windows XP, WinSetupFromUSB Ads by Google Hard drive recovery tool For corrupted, reformatted drives Windows Vista/XP/2003/2000/NT/Me/98 www.quetek.com This guide will show you, how to use WinSetupFromUSB to create a bootable USB Flash Drive including all Windows source files, plus the following installation of Windows XP. Compare to the different USB_Multiboot versions, WinSetupFromUSB comes with a Graphical User Interface (GUI) and is in my opinion easier to use. Here you can get the latest version of the program and you will also find many detailed informations about WinSetupFromUSB. I’ve tested this guide with a 32-bit version of Windows XP and a 64-bit version of Windows Vista and it worked flawlessly. Prerequisites: All you need is: z a USB Flash Drive with at least 1GB of storage z the original Windows XP Setup CD z WinSetupFromUSB If you use nLite to slim down your version of Windows XP, please keep the following in mind: DO NOT remove “Manual Install and Upgrade” under Operating System Options! I also recommend to integrate Service Pack 3 into your Windows XP source files. 1. Preparations Download and install WinSetupFromUSB. Default installation path is C:\WinSetupFromUSB. Create a new folder with the name WINXPCD in the root directory of drive C:\ and copy all files from your Windows XP Setup CD into this folder. Depending on your version of Windows XP, the content of C:\WINXPCD should look approximately like this: The following files will show you, which Service Pack is already integrated into your CD: z WIN51IC.SP1, Sevice Pack 1 z WIN51IC.SP2, Sevice Pack 2 z WIN51IC.SP3, Sevice Pack 3 2.
    [Show full text]
  • USB Flash Drive Security: Best Practices
    NCSC CERTIFIED USB Flash Drive Security: ADISA CERTIFIED FOR SSD EAL2+ COMMON CRITERIA Best Practices USB Flash Drive Security 101 Steps to Tighter USB Security 1. Educate employees about the risks of USB drives and require them to never plug in a USB USB Flash Drive Security: device that they are unsure about. We recommend the following steps to increase the security protocols when using USB drives: 2. Allow only software encrypted USB drives to be used to store and transfer company data. 1. Perform an audit on current USB devices in the organization. This can be done internally or outsourced to a specialized security firm if there’s a large inventory. Best Practices 3. Implement company software that only works with approved flash drives. 2. Scan network for removable media devices to determine where USB devices are used in the When thinking about a device that hackers are Discussing the Risks of Using Unknown Flash Drives organization. likely to compromise, a laptop or mobile phone 3. Create an encryption process for all removable devices and implement it. may come to mind. But one of the most Even if the intention was to look for evidence to return it to its rightful owner, plugging in an unknown 4. Require regular reporting to ensure safeguard policies are in place. common targets in the cyber hacking space is USB device and clicking on files poses several cyber security threats. Not only could a flash drive be When a USB device reaches its end of life cycle, clear all sensitive data before scrapping/re- often overlooked due to its tiny, manufactured to perform a scripted malware attack on the computer, it could even fry the computer 5.
    [Show full text]