Internet Usage Policy PDF
Document Details
Uploaded by barrejamesteacher
EC-Council
Summary
This document details an internet usage policy for a network. It discusses the design considerations, such as limits for personal versus official use, time frames, monitoring methods, and levels of privacy. It also emphasizes the importance of security and appropriate access control. The document covers the principles for implementing security policies like separation of duties, minimal privileges, preventing unauthorized access, and controlling employee access after leaving the company.
Full Transcript
Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82

Internet Usage Policy

An Internet usage policy governs the way the organization’s Internet connection is used by every device on the network. It informs employees about the rules to be followed while accessing the corporate Internet network. The implementation of such policies helps an organization maintain a secure network. Using an Internet policy keeps the systems secure and helps the user understand the types of risks a network can encounter. The policy should make employees aware that browsing prohibited sites or downloading files from unreliable sources can attract disciplinary action.

Design Considerations

- Internet usage limit for official as well as personal use
- Time frame for personal use
- Method adoption for web usage monitoring
- Levels of privacy for employees
- Restricted content

Even minor negligence on the part of an employee or administrator can lead to a major vulnerability in the network. The Internet usage policy must be accepted by all employees, and they must sign it to acknowledge their understanding of the policy.

Security professionals should (in consultation with top management) ensure the following:

1. Limited Usage: Employees should be aware that corporate Internet is used for official use only. Employees should refrain from using the Internet for their personal use such as for downloading movies.

Module 05 Page 591 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
2. Setting a Timeframe for Personal Use: If an organization plans to allow employees to use the Internet for personal purposes, it can set a timeframe for the use.

3. Method for Monitoring Web Use: Security professionals should set monitoring standards to keep track of user activities on the Internet. These monitoring standards should follow the policies drafted in the document.

4. Discuss and Decide What Content Should Never be Allowed: Security professionals should discuss with top management and decide on a list of sites that should be denied or can be added to a list of non-trusted sites.

User Access Control Policy

User access control policy gives an organization the ability to control, restrict, monitor, and protect corporate resource availability, integrity, and confidentiality.

The access control policy provides a way to control the interaction between users, systems, and resources. An access control policy helps an organization control, constrain, and defend the resource availability of an organization.

Design Considerations

- Who can access (people, process, and machines)?
- What system resources can be accessed?
- What files can be read?
- What programs can be executed?
- How to share data with other entities?

The policy should address the typical access control practices such as:

- Undefined user or unknown account logins should be prohibited.
- Powerful accounts such as an administrator account must be monitored continuously.
- Lock access to accounts after crossing a limited number of unsuccessful login attempts.
- Remove unused accounts.
- Administer strict access criteria.
- Enforce the need-to-know and least-privilege practices.
- Disable unrequired system features and unused ports.
- Restrict global access rules.

Privilege Management Policy

A privilege management policy helps organizations decide what users can and cannot do.

Separation of Duties

- Involves the sharing of responsibility for tasks related to a particular security process among multiple people within the organization
- The main goal in developing such a policy is to control frauds, insider attacks, data breaches, abuse, theft, and errors

Minimal Privileges

- Ensures that users are granted only the privileges that are necessary to fulfill their job roles
- Ensures that confidential data do not fall into the wrong hands even when a least privileged account is compromised

Job Rotation

- Involves the rotation of employees among different job roles with the intention of improving their skills and ability to work in different roles and departments
- Helps in minimizing risks evolving from insiders such as the abuse of rights and misuse of power

Privilege Management Policy (Cont’d)

Offboarding policy

- Entails all the necessary procedures and steps that are performed when an employee exits an organization

The offboarding process also includes the following security procedures, which require utmost attention:

- Disable the user account and all other credentials related to the exiting employee.
- Ensure the handover of all the assets including software and hardware that are under the control of the exiting employee
- Uninstall and delete all the applications and data that belong to the organization from the exiting employee’s personal devices
- Ensure that the credentials for accessing the network or other critical resources are changed when the exiting employee is from a security or admin team

Privilege Management Policy

A privilege management policy helps organizations decide what users can and cannot do. It further helps in implementing strong credential policies and in identifying and mitigating risks from compromised user accounts.

The privilege management policy includes the following elements.

Separation of duties

It is a component included as part of an organization’s internal controls. This process involves sharing the responsibility of tasks related to a particular security process among multiple people within the organization. The main goal in developing such a policy is to control frauds, insider attacks, data breaches, abuse, theft, and errors.

Minimal privileges

This policy ensures that users are granted only the privileges that are necessary to fulfill their job roles. This policy ensures that confidential data do not fall into the wrong hands even when a least privileged account is compromised. Organizations need to perform regular user-account audits, decide which privileges are required for each user, and grant users only those minimal privileges.

Job rotation

Job rotation involves the rotation of employees among different job roles with the intention of improving their skills and ability to work in different roles and departments.
The rotation of job roles helps organizations in minimizing risks evolving from insiders such as the abuse of rights and misuse of power.

Offboarding policy

Offboarding entails all the necessary procedures and steps that are performed when an employee exits an organization. Appropriate offboarding ensures a smooth transition for both the organization and the exiting employee. The offboarding process also includes the following security procedures, which require utmost attention.

- Disable the user account and all other credentials related to the exiting employee.
- Ensure the handover of all the assets including software and hardware that are under the control of the exiting employee.
- Uninstall and delete all the applications and data that belong to the organization from the exiting employee’s personal devices such as their smartphone.
- Ensure that the credentials for accessing the network or other critical resources are changed when the exiting employee is from a security or admin team.