Copyright

Computer Security Policies Examples

Instructor: Katherine Wenger

Kate has a Bachelors, Masters, and is a Ph.D. candidate in the fields of Information Technology and loves teaching students

This lesson provides an explanation as to how and why a policy is formed as a basis for understanding the driving forces behind computer security policies. Common computer security policies and examples are discussed.

What Are Policies?

Let's start with a brief description of a policy. A policy is a set of principles that are intended to guide actions of an organization. For example, a computer security policy for a bank could be written that sets restrictions on employee Internet access in an effort to reduce the likelihood of an outside cyber-attack.

Policies are generally formulated either reactively or proactively. A reactively derived policy is created as a consequence of a failed or flawed process that caused or could have caused harm to the organization. Let's use a real-world scenario as an example of a reactive policy. For example, a small restaurant recently experienced a cyber-attack from a remote location by an individual using a mobile device. Upon learning of the details of the attack, the restaurant created a policy that restricts wireless access only to authorized individuals, in an attempt to limit access to the network. Rather than forecasting a cyber attack and implementing a proactive policy, the restaurant waited until an actual attack occurred.

Although, it may seem rather irresponsible of the restaurant not to have policies in place that protect their network, and essentially the business, this is an entirely common practice. Organizations from a small restaurant to government agencies are all too often ill-prepared for computer security mishaps, and often depend on historical events from which to create policies. A proactive policy is created from lessons learned as well as insight into future events. Now that we have gone over how and why policies are created, the following sections discuss examples and explanations of some commonly employed computer security policies.

Remote Access Computer Security Policies

Organizations continually expand the amount of employees who work off-campus; interoperability between organizations is ever increasing, and vendors are given greater access to a company's network all made possible by remote access. Remote access to an organization's network can be especially beneficial to all parties involved, but it also allows for vulnerabilities to be exposed. Organizations that allow remote access have, or should have, specific computer policies that specify security procedures for remote access. For the most part, remote computer security policy reads such that only authorized users are allowed access to the network and for only legally accepted practices.

Virtual Private Network, better known as VPN, allows employees access to the network after acquiring an Internet Service Provider to connect with. VPNs tend to be greater restricted in terms of security restrictions and the amount of authorized users allowed to connect in this manner. Specific virtual private network policy indicates who is granted the service and the type of use an individual is allowed on the VPN.

Wireless communication policy requires connections to be secure. In some cases, an organization will restrict the breadth of activity that takes place by the user. For example, a bank may only allow certain applications to be downloaded to a mobile device in an effort to control Internet traffic including blocking potential attacks that are easier through certain applications.

General Computer Security Policies

An organization sets forth computer security policies specific to their needs. Suffice to say that organizations are connected via the Internet and use at the very least email. Depending on the specific needs, a company can use dozens of applications that communicate with outside companies, customers, clients, or vendors. It is of upmost importance that every aspect of vulnerability, which comes in the form of connectivity through applications, be given specific or general computer security policies.

An acceptable use policy is among one of the most universally used computer security policies. An acceptable use policy sets forth guidelines and restrictions for the general use of computing equipment owned by the organization. For example, the policy might restrict access to certain types of websites in terms of visiting and in terms of downloading third party software or documents or uploading company documents using the Internet.

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account
Support