Malware Security Policy: Lax immune surveillance can result in viruses infiltrating and destroying critical data. Hence a thorough and effective policy must be in place to ensure that viruses and other malware are regularly scanned for and eliminated.
Some points you may wish to consider:
Allow only authorized workers in the IT Department to install or use any externally-provided software. This will help prevent inadvertent damage of data by use of unauthenticated software.
Make virus scanning redundant where feasible. The frequency of virus scans must conform to standards.
Users must not attempt to eradicate computer viruses, but immediately call the IT Department.
You can use the Malware Security Policy Template too draw up your policy.
IT Computer Equipment Security Policy: As your organization’s data ultimately rests on physical devices such as laptops and servers, the physical security of the equipment is a necessary part of overall IT governance. You can include the following pointers while drawing up your own organization’s policy:
Ensure that computers, telephones and other office equipment provided to employees are used for legitimate business purposes.
Reserve the right to monitor use of such equipment to ensure appropriate use.
Do not allow employees to access another co-worker’s computer without authorization.
See to it that company equipment is disposed of by authorized personnel only.
For further details, you may refer to the IT Computer Equipment Security Policy Template provided in the toolkit.
Wireless Devices Security Policy: As organizations move towards wireless networking to facilitate movement within the premises (for meetings, presentations etc), new security challenges emerges. For this you will have to draw up a Wireless Security Policy. You can make use of the following suggestions:
Assert that the IT Department has the sole authority to manage wireless devices that connect to the corporate network. Any employee who wishes to utilize wireless technology must follow the IT Department’s published policies, standard protocols, practices and procedures.
Wireless devices must be purchased and configured by the IT Department.
Final responsibility for the security and proper use of any wireless client rests with the employee.
Reserve the right to deny access to wireless devices as needed.
You can make use of further details in the Wireless Devices Security Policy Template included in the toolkit.
You must ensure while drawing up every policy that it has teeth, and that you have the right to administer appropriate punitive action to anyone found violating the IT governance policies.
