Acceptable Use

During this course you will learn tips and tricks to comply with the policies we created.

Acceptable Use Policy

At home, at the gym, at the hobby club, and at work, we all comply with certain rules. This makes sure everything runs smoothly, and we can do our work efficiently.

We have drawn up company rules, and agreed to use our computer, telephone and information purely for work purposes, and to act ethically in this respect.

One of the rules states that if company information is lost, stolen or leaked, we report it to our services: the information security unit or the IT help desk.

Seen something suspicious?

Do you have access to information you don’t normally have access to?

- Report it to the information security unit.

Regular checks are carried out to protect company information from being misused. This applies to: Internet and phone use, voicemails, emails and computer files, and all the company’s servers.

What do you need to watch out for?

Using, distributing, copying or digitising any kind of illegal applications, data or information. This could be photos, texts or music that are copyright protected.

Never use company data for non-company purposes (e.g. using your company email to contact your sports club)

Keep malicious software out of the system

Never give your personal password to anyone else

Never use company resources for purchases or forms of information distribution related to sexual harassment or illegal practices

Never distribute or disclose information on staff to third parties.

Never circumvent the safety measures set up to protect the company

Never share confidential company data or information on social media

Never participate in social media conversations or blogs that could be damaging to the company.

Company property, our assets, must be protected. Assets include: goods in the shop, cash registers, shelving systems and buildings. It also includes less tangible property such as intellectual property, software and company information in general.

 

All goods have an owner. The owner is responsible for the use of the object.

It is his or her responsibility to return it so we can process, recycle or destroy it properly.

We need to protect information because it is valuable.

Depending on the classification of the information involved, we need to encrypt it when we save the information to a portable storage device such as a USB stick.

To summarise:

Label all company items and be clear about which items belong to you

Hand in company property when you leave the company

Be clear about the classification of the goods and respect the rules that apply

Encrypt sensitive information if it’s being saved to a portable device

Empty data carriers if they’re no longer being used by the company

If you have any questions, contact the IT security officer.

One of the most important aspects of IT security is monitoring access to systems, applications and information.

The identity of anyone wishing to gain access must be verified. This is also referred to as authentication. Access – or authorisation – is granted when authentication has been successful.

The unauthorised use of or access to company resources can largely be avoided by using the right checks.

We have all been given a personal user name and password. This means that we are responsible for any activity carried out in our name.

These details must never be shared – not even temporarily, not even with someone we trust.

To do your work properly, you are given rights and access to sources, based on your function. All rights can be obtained by following official procedures. Access is decided by the person responsible for the source.

All rights will be checked regularly by the person responsible. This ensures that every employee always has the appropriate rights and access.

Just as we take our car in for periodic repairs or checks to avoid problems, our computers or servers are updated regularly. This means they are protected and not open to threats. That’s why it’s important for us to perform software updates, and not ignore them.

All the applications we install are inventoried. Do not install any software that is not permitted, or has not been checked.

If you do, there is a risk that you will not perform automatic updates for this software. This may create risks within the company.

Employees cannot technically perform updates if they have not followed the mandatory trainings.

It is vital that employees keep their knowledge up to date by following the mandatory trainings.

All activities on the company systems and networks are monitored and logged for inspection.

All data concerning activities or access to certain systems is collected at a central site and protected against deletion or modification.

Depending on the classification of the systems, extra activities are logged and maintained. Systems have been set up to automatically detect certain patterns/accesses.

This alerts the right services to anomalous activities.

This happens when, for instance, new software is installed on a system or if an unauthorised person grants new access to a system.

We understand security incidents to include any instances of undesirable or unforeseen situations that may put the company in jeopardy.

Examples of such situations include:

Loss or theft of classified information (diaries, address databases, contracts stolen from vehicles)

Loss or theft of data devices such as laptops, smartphones, USB sticks containing company information

Involuntary or unauthorised distribution of classified information through accidental forwarding

Changes to vital company data

Introduction of malware, viruses or spyware into computer systems

Misuse of personal details such as sharing the username and password

Break-ins or unauthorised access to offices where sensitive information is present, or to computer areas where sensitive information is processed

Report incidents to the IT service or security department so that they can be investigated and labelled.

This investigation helps us to take appropriate action and, depending on how serious the situation is, to guarantee or normalise company operations.

We intend to inform all our employees about the right way to deal with company information, and how to keep it secure.

Just as we expect all our staff to possess the skills required to perform their tasks satisfactorily, we also expect them to know, and apply, the security policy.

These trainings will help you:

To be alert to security incidents

To know who to contact

To know how to react if an incident occurs.

You’ll also learn the right way to handle company information, and how to protect it properly.

Policy documents are available on the intranet so that you and your colleagues can consult them whenever you need to. If you have any questions, contact your line manager or the Information Security Officer.
