You have just been hired as the Security Manager of a medi…
You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in Allen University, and have been asked to write two new security policies for this company. How strict or how lenient you want to make these policies for this particular company. You are asked to create two separate policies on use of EMAIL and a WIFI/INTERNET USE within the company. Be specific in your terms and conditions of use. Consider these items to be included in your policies (as applicable). 1. Overview 2. Purpose 3. Scope 4. Policy 5. Policy Compliance 6. Related Standards, Policies and Processes 7. Definitions and Terms Purchase the answer to view it
Title: Security Policy for Email Usage in a Financial Services Company
1. Overview:
This policy aims to establish guidelines for the appropriate use of email within the financial services company. It outlines the responsibilities of employees regarding email communication and ensures the confidentiality, integrity, and availability of information transmitted through the email system.
2. Purpose:
The purpose of this policy is to protect sensitive company information from unauthorized disclosure, mitigate the risk of data breaches, and maintain a productive and professional work environment. By adhering to this policy, employees are expected to use email in a responsible and secure manner.
3. Scope:
This policy applies to all employees, contractors, and third-party individuals who have been granted access to the company’s email system. It encompasses all electronic communications transmitted through the email system, including both internal and external messages.
4. Policy:
a. Acceptable Use: Email should only be used for business-related purposes. Personal use should be limited to reasonable, non-excessive activities during non-working hours and should not interfere with productivity. Chain letters, jokes, and other non-business-related content should not be circulated via email.
b. Security: Employees must take reasonable measures to protect the confidentiality, integrity, and availability of email communications. This includes using strong passwords, employing encryption when handling sensitive information, and refraining from sharing account credentials.
c. Prohibited Content: Any content that violates applicable laws, regulations, or company policies is strictly prohibited. This includes, but is not limited to, offensive, defamatory, discriminatory, or harassing material. Employees must not transmit or store any confidential or proprietary information without proper authorization.
d. Reporting Security Incidents: Employees are required to promptly report any suspected or actual security incidents, such as phishing attempts, malware infections, or unauthorized access to the email system. Incidents should be reported to the IT department or the designated security contact.
e. Monitoring and Retention: The company may monitor and archive email communications for compliance, security, and legal purposes. Employees should not have an expectation of privacy when using the company’s email system.
5. Policy Compliance:
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment. The company reserves the right to investigate any alleged violations and take appropriate remedial actions.
6. Related Standards, Policies, and Processes:
This policy is to be read in conjunction with the company’s acceptable use policy, data protection policy, incident response plan, and other relevant company policies. It also aligns with legal and regulatory requirements concerning email communications, such as the General Data Protection Regulation (GDPR).
7. Definitions and Terms:
a. Confidential Information: Any information that is not publicly available and may include, but is not limited to, financial data, customer information, trade secrets, and intellectual property.
b. Encryption: The process of encoding information to make it unreadable to unauthorized individuals.