Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
A Network Security Policy

A Network Security Policy

Ratings: (0)|Views: 85|Likes:
Published by julienthesun

More info:

Published by: julienthesun on Sep 30, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less

09/30/2010

pdf

text

original

 
A Network Security Policy include the elements that are required for most network security policies: privacy policy, acceptable use policy, authentication policy, Internet use policy, access policy, auditing policy, and data protection policy. The security policy should also protect anorganization legally, and it should be a continual work in progress.
In compliance with the Convergys and DirecTv rules, the Convergys Corporation, and generally accepted industry best practices, Convergys provides for the security and privacy of the data stored on, redirected through, or  processed by its technology resources. Convergys encourages the use of these technology resources, however theyremain the property of Convergys and are offered on a privilege basis only.Throughout this policy, the term ³staff´ identifies full- and part-time employees, contractors, consultants,temporaries, student assistants, volunteers, retired annuitants, vendors and other users including those affiliated withthird parties who access Convergys technology resources due to their job responsibilities. Management expectsstaff to comply with this and other applicable Convergys policies, procedures, and local, state, federal, andinternational laws.
Failure to abide by these conditions may result in forfeiture of the privilege to use technologyresources, disciplinary action, and/or legal action.
The IT Policy Review Team regularly modifies this and other IT security related policies to reflect changes inindustry standards, legislation, technology and/or products, services, and processes at Convergys.
Privacy
Convergys reserves the right to monitor, duplicate, record and/or log all staff use of Convergys technologyresources with or without notice. This includes but is not limited to e-mail, Internet access, keystrokes, file access,logins, and/or changes to access levels.
 S 
taff shall have no expectation of privacy in the use of these technologyresources.
L
iability
Convergys makes no warranties of any kind, whether expressed or implied for the services in this policy. Inaddition, Convergys is not responsible for any damages which staff may suffer or cause arising from or relatedto their use of any Convergys technology resources.
 S 
taff must recognize that 
Con
vergys
technology resourceusage is a privilege and that the policies implementing said usage are requirements that mandate adherence.
Staff Resp
on
sibilities a
nd
Acc
oun
tability
E
ffective information security requires staff involvement as it relates to their jobs. Staff is accountable for their actions and therefore they own any events occurring under their user identification code(s). It is staff¶s responsibilityto abide by policies and procedures of all networks and systems with which they communicate. Access of personalor private Internet Service Providers while using Convergys provided information technology resources or usingnon- Convergys provided information technology resources to conduct Convergys business does not indemnifyany entity from the responsibilities, accountability and/or compliance with this or other Convergys policies. Staff responsibilities include but are not limited to:
y
Access and release only the data for which you have authorized privileges and a need to know (includingmisdirected e-mail)
y
Abide by and be aware of all policies and laws (local, state, federal, and international) applicable to computer system use
y
Report information security violations to the Information Security Officer or designee and cooperate fully withall investigations regarding the abuse or misuse of state owned information technology resources
y
Protect assigned user IDs, passwords, and other access keys from disclosure
y
Secure and maintain confidential printed information, magnetic media or electronic storage mechanisms inapproved storage containers when not in use and dispose of these items in accordance with Convergys policy
y
Log off of systems (or initiate a password protected screensaver) before leaving a workstation unattended
y
Use only Convergys acquired and licensed software
y
Attend periodic information security training provided by Convergys IT Security Branch
y
Follow all applicable procedures and policies
©
SANS I
n
stit
u
te 2001, A
u
th
o
r retai
n
s f 
u
llrights
ey fingerprint = AF19 FA27 2F94 998D FDB5 D
E3
D F8B5 06
E
4 A169 4
E
46
 
E
lectr
on
ic Mail (
E-
Mail) P
o
licy
Convergys electronic mail services (e-mail) policy provides staff with guidelines for permitted use of theConvergys e-mail technology resource. The policy covers e-mail coming from or going to all Convergys owned personal computers, servers, laptops, paging systems, cellular phones, and any other resource capable of sending or receiving e-mail.
Ow
n
ership
Convergys owns all e-mail systems, messages generated on or processed by e-mail systems (including backupcopies), and the information they contain. Although staff members receive an individual password to access theemail systems, e-mail and e-mail resources remain the property of Convergys.
M
on
it
o
ri
n
g
Convergys monitors, with or without notice, the content of e-mail for problem resolution, providing security,or investigative activities. Consistent with generally accepted business practices Convergys collects statisticaldata about its technology resources. Convergys technical staff monitors the use of e-mail to ensure the ongoingavailability and reliability of the systems.
Acc
oun
tability
Staff may be subject to loss of e-mail privileges and/or disciplinary action if found using e-mail contrary to this policy. Staff must maintain the confidentiality of passwords and, regardless of the circumstances,
never share or reveal them to anyone
. The Information Security Officer (ISO) must provide express written permission beforesensitive information is forwarded to any party outside of the Convergys. Staff should contact the ISO withquestions regarding the appropriateness of information sent through e-mail.
E
thical Behavi
o
r a
nd
Resp
on
sible Use
Convergys provides e-mail systems to staff to facilitate business communications and assist in performingdaily work activities.
 Ethical and Acceptable
y
Communications and information exchanges directly relating to the mission, charter, and work tasks of Convergys
y
Announcements of laws, procedures, hearings, policies, services, or activities
y
 Notifying staff of Convergys sanctioned employee events, such as the holiday party, bake sales, arts and craftfairs, retirement luncheons, and similar approved activities
y
Respecting the legal protection provided by all applicable copyrights and licenses
y
Practicing good housekeeping by deleting obsolete messages
nethical and 
nacceptable
y
V
iolating
any
laws or Convergys policies or regulations (e.g. those prohibiting sexual harassment,incompatible activities, or discrimination)
y
Submit, publish, display, or transmit any information or data that contains defamatory, false, inaccurate,abusive, obscene, pornographic, profane, sexually oriented, threatening, racially offensive, discriminatory, or illegal material
y
Compromising the privacy of staff, customers, or data and/or using personal information maintained byConvergys for private interest or advantage
y
E
ngaging in any activities for personal gain, performing personal business transactions, or other personalmatters (e.g. sending sports pool or other gambling messages, jokes, poems, limericks, or chain letters)
y
Intentionally propagating, developing, or executing malicious software in any form (e.g. viruses, worms,trojans, etc.)
y
V
iewing, intercepting, disclosing, or assisting in viewing, intercepting, or disclosing e-mail not addressed toyou
y
Distributing unsolicited advertising
y
Accessing non-Convergys e-mail systems (e.g. Hotmail, Yahoo!) using Convergys owned resources
1.0 Purpose
The purpose of this policy is to provide guidelines for Remote Access IPSec or L2TP Virtual PrivateNetwork (VPN) connections to the <Company Name> corporate network.
2.0 Scope
This policy applies to all <Company Name> employees, contractors, consultants, temporaries, and other workers including all personnel affiliated with third parties utilizing VPNs to access the <Company Name>

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->