Protect Your Computer System with a Comprehensive Security Policy

Protect Your Computer System with a Comprehensive Security Policy

By Cavyl Stewart

Tip! Security Software provides detailed information on Security Software, Internet Security Software, Computer Security Software, Network Security Software and more. Security Software is affiliated with Computer Spy Software.

The most difficult part of creating a Security Policy for your business is determining what, exactly, to include in it. Never heard of a Security Policy before? You're not alone. But whether you are the only employee in your company or you have a small staff working for you, you need to learn what a Security Policy is, and then you need to create one.

In much the same way that a personnel policy informs employees of things like vacation time accrual, performance review schedule and other personnel-related issues, a Security Policy informs your employees of the steps that are necessary to keep your company's network and computers secure. The policy is your company's rules and regulations that are enforceable, under law if necessary, if breached.

A Security Policy will include rules and formal procedures that are clearly written and laid out. But most importantly, the information contained must be easy for employees of all levels to understand.

And just as it is with young children, the content of your Security Policy must be enforceable, and it must be enforced consistently. Saying in writing that something is not allowed, then allowing it to happen during regular work hours sends mixed messages to your employees. They won't know what really is right or wrong, which will defeat the whole point of your Security Policy. Inconsistent implementation also leaves you open to legal liability.

Like any good policy, your Security Policy should be regularly updated to reflect today's rapidly-changing business environment. Most of the time, you will be the person making these changes. However, if your company is growing and adding staff, this may not always be the case. Make sure the person responsible for updating your company's Security Policy has guidelines and boundaries, and most of all, make sure you read and approve any changes made by someone else.

Tip! Recommended Computer Security Suites Internet security software suites produced by large, reputable vendors like Symantec, Trend Micro, McAfee, Zone Labs, and Panda are excellent and should provide you with great overall protection. Although a bit more expensive than their small company counterparts, it's best to stick with one of the big boys; especially if you are relatively inexperienced with computers and software.

Make presenting your Security Policy part of your new employee orientation procedure. Make sure every employee reads the policy, signs and dates a document certifying that it has been read, and then keep the signed and dated certification in their respective personnel folder. And every time that your Security Policy is updated, make every employee read it again, and sign and date a document stating that they have read the changes.

The types of topics you may want to cover in your company's Security Policy include but are not limited to:

* What can be loaded onto an employee's computer from floppy disk or CD

* What personal business, if any, can be conducted on the company computer

* Which files or company information is allowed to leave the internal network or is allowed to be sent out over the Internet

* Who is allowed to install new software and software upgrades onto the system, and equally
important, who is not allowed to do this

Tip! Msingathi is the owner of the Computer Security Resources Website. The website is targeted at the computer user who wants the best computer security software to protect against spyware, adware, viruses and to improve computer performance using registry cleaners.

* A password management and password change policy which includes the acceptable length of passwords. Provide examples of permissible/non-permissible passwords. Examples of non-permissible passwords might include date of birth, names of pets, nicknames, children's names, etc.

* Who's allowed remote access to your network from off-site

* Policies for locking keyboard or using password protected screensavers when an employee's PC is left unattended

* Who is allowed to attach their laptop or other portable computing device to the network and what information they are allowed to upload/download

* Guidelines for vendors and other visitors who may need access to your network while they are on-site.

Whether you have one PC or several networked together, you have a lot of money invested. Protect this critical business asset with an iron-clad Security Policy.

Copyright � 2004 Cavyl Stewart. For help with creating your security policy or to find security software or other small business programs, visit:
http://www.find-small-business-software.com/hr-software.html -
Also, be sure to check out my Exclusive, 100% free ecourses.

PC Security

PC Security is a field of computer science concerned with the control of risks related to computer use.
The means traditionally taken to realize this objective is to attempt to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed. This involves specifying and implementing a security policy. The actions in question can be reduced to operations of access, modification and deletion. Computer security can be seen as a subfield of security engineering, which looks at broader security issues in addition to computer security.
In a secure system the authorised users of that system are still able to do what they should be able to do. One might be able to secure a computer beyond misuse using extreme measures:
"[T]he only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." -- Eugene H. Spafford, director of the Purdue Center for Education and Research in Information Assurance and Security.
However, this would not be regarded as a useful secure system.
It is important to distinguish the techniques used to increase a system's security from the issue of that system's security status. In particular, systems which contain fundamental flaws in their security designs cannot be made secure without compromising their usability. Consequently, most computer systems cannot be made secure even after the application of extensive "computer security" measures. Furthermore, if they are made secure, often it is to the detriment of usability.

PC Security