Information Security Policy

A security policy (also called an information security policy or IT security policy) is a document that spells out the rules, expectations, and overall approach that an organization uses to maintain the confidentiality, integrity, and availability of its data. (Grimmick, 2023)

Security policy defines what it means to be secure for a system, organization, or other entity. Information security policy consists of 3 main components which are Confidentiality, Integrity, and Availability. An information security policy makes it possible to coordinate and enforce a security program and communicate security measures to third parties and external auditors. (Exabeam, 2024)

An issue-specific security policy focuses on a function or service within an organization that has distinct security requirements. Examples of issue-specific policies include an email policy, a media disposal policy, or a physical security policy. A system-specific security policy is concerned with specific systems or types of system. It describes hardware and software approved for that system and how that system is to be protected. (CertMike, 2024)
Issue-specific security policy provides detailed, targeted guidance to instruct all members of the organization in the use of a resource. (Whitman & Mattord, 2019, p. 183)

My issue-specific policy: Computer use at LeMonade College

Statement of Purpose

This policy applies to the fair and responsible use of computers for anything related to LeMonade College. Inappropriate use exposes LeMonade College to cyber risks including virus attacks, ransomware attacks, compromise of network systems and services, data breach, and legal issues. (SANS, 2024)

Authorized Users

This policy applies to the use of computers or any such devices and network resources to conduct LeMonade College business. All employees, students, contractors, consultants, temporary, and other members of LeMonade College are responsible for exercising good judgement regarding appropriate use of such devices and network resources in accordance with LeMonade policy. No exceptions to this policy are allowed.

Prohibited Users: The Following activities are in general prohibited with no exceptions

• Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws including the installation or distribution of pirated or other software products that are not appropriately licensed for use by LeMonade College.
• Accessing data, a server, or an account for any purpose other than conducting LeMonade College business, even if you have authorized access is prohibited.
• Introduction of malicious programs into the network or server.
• Revealing your account password to others allowing use of your account by others. This includes family and other household members.
• Using LeMonade College computers or device to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s jurisdiction.
• Selling said device to anyone including those at LeMonade College.
• Upgrading, altering, or tampering with any software or hardware on the computers.
• Bypassing the LeMonade College admin and installing programs that aren’t required by the school.

System Management

While one is using any device issued to them by LeMonade College, they should ensure their information is secure, backed-up and any upgrades necessary to the normal running of the device should be approved by the admin at the school IT department. Therefore, routine system upgrades, malware checks and deleting of old and unwanted files is mandatory to ensure the smooth working of the device.

Violations of Policy

Any incidents resulting in the damage or loss of any device will result in the person entrusted the device by LeMonade College having to repair or replace the device. The school will not reimburse any costs incurred during such endeavors.

Policy Review and Modifications

The policy is subject to change every new school year with the IT department admins responsible for revising and amending the current policies. Those who wish to make suggestions or complaints about the policies contained within should write to the IT department and wait for a response after 5 to 14 business days. If emergency assistance is required highlight so in the subject line of your draft and describe the issue. If you fake a serious issue, you risk not getting immediate assistance next time as the people in IT are always working hard to address the issues of all those within LeMonade College.

Limitations of Liability

Having read these policies and agreeing to comply, in any instance if a member of LeMonade College, or a third party given access to your device by you the owner ends up causing any damage that may result in them being liable the school does not have any obligation to intervene and said persons will be liable for their actions. Not only will the school not provide legal support to the person, but it will aid in their prosecution.

References

References CertMike. (2024). Security Policy Framework. Retrieved from CertMike: https://www.certmike.com/security-policy-framework/#:~:text=Examples%20of%20issue%2Dspecific%20policies,system%20is%20to%20be%20protected.
Exabeam. (2024). The 12 Elements of an Information Security Policy. Retrieved from Exabeam: https://www.exabeam.com/explainers/information-security/the-12-elements-of-an-information-security-policy/
Grimmick, R. (2023, April 6). What is a Security Policy? Retrieved from Varonis: https://www.varonis.com/blog/what-is-a-security-policy#:~:text=A%20security%20policy%20(also%20called,and%20availability%20of%20its%20data.
SANS. (2024). Security Policy Templates. Retrieved from SANS: https://www.sans.org/information-security-policy/
Whitman, M. E., & Mattord, H. J. (2019). Manegement of Information Security. Boston: Cengage.