IT Acceptable Use Policy

CONTENT

1. GENERAL
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. PRINCIPLES
4. STANDARDS FOR ELECTRONIC COMMUNICATIONS
4.1 DUE CARE FOR COMMUNICATION CONTENT
4.2 DUE DILIGENCE FOR DISTRIBUTION OF ELECTRONIC COMMUNICATIONS
4.3 CROSS-BORDER COMMUNICATIONS
4.4 DISSEMINATION OF INFORMATION TO THIRD PARTIES
4.5 MAIL PROCESSING DURING EXTENDED ABSENCE
4.6 USE OF INSTANT MESSAGING
4.7 CHAIN MAILS
4.8 ROUTING TO PRIVATE EMAIL ADDRESSES
4.9 EXTERNAL EMAIL ACCOUNTS ACCESS
4.10 TEXT MESSAGING SERVICES (SMS/MMS)
5. EQUIPMENT SECURITY
5.1 USE OF UNAUTHORIZED EQUIPMENT
5.2 PROTECTION OF COMPANY EQUIPMENT
6. INTERNET USE
6.1 WORK-RELATED PURPOSES
6.2 BLOGS
6.3 ACCESS, DOWNLOAD OR PUBLISHING OF INAPPROPRIATE MATERIAL
6.4 ONLINE SERVICES
6.5 REPUTATIONAL DAMAGE
7. APPROPRIATE SOFTWARE USE
7.1 UNAUTHORIZED SOFTWARE
7.2 TOOLS OR UTILITIES
7.3 MODIFICATION OF COMPANY WORKSTATION OR LAPTOP
7.4 SECURITY SYSTEMS
7.5 MALWARE
8. TRADEMARKS, COPYRIGHT LAWS, AND PROPRIETARY INFORMATION
8.1 STORAGE ON COMPANY SYSTEMS
8.2 PROPRIETARY INFORMATION OF OTHER COMPANIES
8.3 COMPANY LOGO
8.4 COMPANY INTELLECTUAL PROPERTY, PROPRIETARY OR CONFIDENTIAL MATERIAL
9. DATA AND INFORMATION EXCHANGE
9.1 UPLOAD OF DATA
9.2 TRANSMISSION OF COMPANY INFORMATION
10. NEW COMMUNICATIONS MEDIA
11. ACCESS CONTROL RESPONSIBILITIES
11.1 PASSWORDS AND SYSTEM ACCESS CREDENTIALS
11.2 UNAUTHORIZED ACCESS TO INFORMATION
11.3 CLEAR SCREEN POLICY
11.4 LOSS OF SECURITY TOKEN DEVICE
11.5 FAX AND MODEM PHONE LINES
11.6 WIRELESS-BASED AND OTHER MEDIA-BASED INTERNET CONNECTIVITY
11.7 CONNECTING FROM NON COMPANY EQUIPMENT AND USE OF NON-COMPANY SERVICES
11.8 HACKING
11.9 SPOOFING
12. REMOVABLE STORAGE DEVICES AND MOBILE EQUIPMENT
12.1 REMOVABLE STORAGE DEVICES AND INFORMATION PROTECTION
12.2 PHOTOGRAPHY AND VIDEOGRAPHY
13. PRINTING AND DISPOSAL OF SENSITIVE COMPUTER PRINTOUTS, DOCUMENTS, AND STORAGE MEDIA
13.1 PRINTING OF SENSITIVE MATERIAL
13.2 DISPOSAL OF SENSITIVE PAPER DOCUMENTS
13.3 DISPOSAL OF DATA STORAGE MEDIA
14. USE OF FAX MACHINES
14.1 TELEPHONE NUMBER VERIFICATION
14.2 FAX DISCLAIMER
14.3 CONFIDENTIAL DOCUMENTS
14.4 SECRET DOCUMENTS
15. SOCIAL ENGINEERING ATTACK PREVENTION
15.1 NON-PUBLIC OR CLIENT INFORMATION DISCLOSURE
15.2 SPAM MAIL AND OTHER MALICIOUS MAIL
15.3 PHISHING ATTACKS
16. INFORMATION SECURITY WEAKNESS REPORTING
16.1 INFORMATION SECURITY INCIDENTS
16.2 INFORMATION SECURITY WEAKNESSES
17. END-USER COMPUTING (EUC)
17.1 EUC FOR BUSINESS CRITICAL APPLICATIONS
17.2 EUC FOR APPLICATIONS WITH CONFIDENTIAL INFORMATION
18. CONDUCTING BUSINESS AWAY FROM [COMPANY] PREMISES
19. EXCEPTIONS
20. FINAL CONSIDERATIONS
20.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
20.2 DOCUMENT REVISION

Pages: 21