It does not matter whether a company has the access to the new technologies and services or not, if the stuff does not follow the proper procedures, this access can be ineffective. In order to have steady development the companies should take into consideration the security of information (Easttom, p.281).
Thought, examining and developing the security policies should be the major step in companies success. Four different acceptable use policies have been examined: Level3 acceptable use policy, Earthlink acceptable use policy, Sans Institute policies, and Information Security World Policy.
Level 3 use policy is applied to all users of the mentioned service. After accepting the rules of the policy, the user is acknowledged about the responsibility for compliance with them. The main aim of the policy is to protect the User, the Level 3 Network, and the Service from illegal manipulations over the Internet.
Among the Level 3 rights are: the right to terminate or suspend the service, the right to cooperate with investigators, the right to modify the policy, the right to filter the information. Level 3 policy prohibits illegal activities, unauthorized access, spamming and mobile bombing, fraud and spoofing.
In order to control the rules enforcement, Level 3 use policy anticipates the possibility to complaint. Thus, every User, or some other party can complaint about the above mentioned amusements (Level 3, 2012). Another important thing is that “Level 3 has no obligation to forward the complaint to the User or to identify the complaining parties.”(Level 3, 2012, line 126-127).
In addition, Level 3 use policy forbids transmitting the files which include corrupted data or viruses; altering or circumventing the procedures or processes to bandwidth utilization, measure time and other similar methods; using those activities, which (Level 3, 2012).
EarthLink acceptable use policy is quite similar to Level 3 acceptable use policy. As well as Level 3 policy, EarthLink policy is oriented on stopping the violations. This policy forbids any kind of illegal use: uploading, transmitting, receiving, storing, posting, data or material. It includes the information about illegal terrorism, drugs or weapon, services, goods or substances, and many others. EarthLink acceptable use policy includes fraudulent activities connected to finances: different suspicious financial schemes and pyramids.
In addition, EarthLink acceptable use policy does not allow gambling, spamming, and phishing. Much attention is devoted to the copyright and trademark infringement. According to it, uploading, transmitting, receiving, and posting any material that infringes any copyright is forbidden.
One of differences to Level 3 policy is the rule about network probing, which was not mentioned in the first policy. According to EarthLink acceptable use policy, any kind of detective network activity is prohibited. EarthLink policy requests everyone who considers some actions to be violation can inform about it. EarthLink in its turn can give the verbal or written warning, suspend the person or service for some period of time, block the internet access to the service, terminate the service, or bring some legal actions (EarthLink, 2012).
Sans Institutes Policy is divided into several sub policies. Thus, Sans Institutes Policy includes such security policies as Computer, Desktop, Email. HIPAA, Internet, Mobile, Audit, Network, Physical, Server, Wireless, and Whitepapers Policy. There is no similar to Audit Security Policy in Level 3 and EarthLink acceptable policies.
This policy defines different requirements, provides the authority information to the team which conducts the audits and deals with the information security and risk assessments in order to ensure the resources and information integrity and investigate incidents. Another unique security policy is HIPPA policy. This policy was creates especially to protect confidential information, which is connected to the health issues.
The policy includes 18 standards, which are summarized in the three major themes: Physical, Technical, and Administrative Safeguards. Furthermore, different to other use acceptable policies is Visitor or Physic policy, which demands penalties for information disclosure and the camera usage. The mentioned policy requires check-in system. Thus, each visitor should go through the special check-in entrance, present his or her photo identification card, and only after will have the opportunity to visit their employee sponsor (SANS, 2012).
Another researched policy is Information Security Policy. This policy addresses such issues as integrity, disclosure, availability concerns and others which concerns the information security.
The policy is intended to influence the actions or decisions and create general way of behavior, as it sets the rules, the laws, and to prevent their violations. This policy is very similar to the previous policies. However, in this one the major focus is made on the technical aspect. The main point of the policy is connected to the risk analysis (The Information Security Policies, 2012).
The Eastons book is devoted to the examining of the acceptable policies. The main focus of the examined chapter is devoted to researching the most effective user, access, system administration, and developmental policies. As well as the previous policies, those that are described in the book are focused on the technologies.
However, according to the author, the good technologies should be supported with people factor, to be precise, with professionals, who can use the technologies in order to provide the best service. The author gives many tips how to be sure in the security of the information in the internet. First of all, Easttom advices never have a copy of the password in the accessible places. Secondly, the author advices never share the password.
Finally, in any case of suspension the violation, the person should inform about it the IT department. The book gives the overview of those activities that are appropriate in the network of the company, and those that are not. Among not appropriate are: the search for the job, the photographic use, the violations of the laws.
This list may include online shopping, reading news, or watching funny videos. In addition, the author gives the recommendations how to use the e-mail service. One of those recommendations is not to open the emails from unknown author or, which is even worth, not to answer that suspicious emails (Easttom, 2006).
Many different types of policies have been examined. However, each of them claims that nevertheless the powerful software and technological equipment, the person should be very careful him or herself. To my mind, the best recommendation how to be safe was written in the Easttoms book: “Passwords must never be shared with any person for any reasons”(Easttom, 2006, p.283).
The reason is that the person near you can be your worst enemy. When we are talking about the security of the important things, you are yourself the only person you can trust. The scheme is very simple: the responsibility equals the security.
References
EarthLink Policies & Agreements. (2012). Web.
Easttom, C. (2006). Network defense and countermeasures: Principles and practices. Upper Saddle River, NJ: Pearson. Print.
Level 3: Acceptable Use Policy. (2012). Web.
SANS: Information Security Policy Templates. (2012). Web.
The Information Security Policies/Computer Security Policies Directory (2012). Web.