Paul Elander
ITT Technical Institute
Per Hatlevik
Introduction to Information Security – NT2580
7/24/2015
Acceptable Use Policy
1. Overview
InfoSec’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Richman Investments’ established culture of openness, trust and integrity. Infosec is committed to protecting Richman Investments’ employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Richman Investments. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations. Please review Human Resources policies for further details.
Effective security is a team effort involving the participation and support of every Richman Investments employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.
2. Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at Richman Investments. These rules are in place to protect the employee and Richman Investments. Inappropriate use exposes Richman Investments to risks including virus attacks, compromise of network systems and services, and legal issues.
3. Scope
This policy applies to the use of information, electronic and computing devices, and network resources to conduct Richman Investments business or interact with internal networks and business systems, whether owned or leased by Richman Investments, the employee, or a third party. All employees, contractors, consultants, temporary, and other workers at Richman Investments and its subsidiaries are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network resources in accordance with Richman Investments policies and standards, and local laws and regulation. Exceptions to this policy are documented in section 5.2
This policy applies to employees, contractors, consultants, temporaries, and other workers at Richman Investments, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Richman Investments.
4. Policy
4.1 General Use and Ownership
4.1.1 Richman Investments proprietary information stored on electronic and computing devices whether owned or leased by Richman Investments, the employee or a third party, remains the sole property of Richman Investments. You must ensure through legal or technical means that proprietary information is protected in accordance with the Data Protection Standard.
4.1.2 You have a responsibility to promptly report the theft, loss or unauthorized disclosure of Richman Investments proprietary information.
4.1.3 You may access, use or share Richman Investments proprietary information only to the extent it is authorized and necessary to fulfill your assigned job duties.
4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.
4.1.5 For security and network maintenance purposes, authorized individuals within Richman Investments may monitor equipment, systems and network traffic at any time, per InfoSec’s Audit Policy.
4.1.6 Richman Investments reserves the right to audit networks and systems on a periodic basis