Information Security Policies andElectronic Policies


In the previous section, we suggested that more than one document was necessary to implement security in your organization. One of those documents will be an e-policy document. E-policies translate information security policies into specific, measurable objectives for your IT staff. Table 23-1 provides some examples.

Table 23-1: E-Policy examples

Information Security Policy

Electronic Policy

Administrative and Service Account passwords must never be in a readable form outside the servers or a physically secure environment.

Administrative and Service Account passwords can never be written down unless such documentation is secured in the IT vault. Passwords can be read and communicated only to members of the Administration team.

Unless specifically authorized, users cannot acquire, possess, or use hardware or software tools that could be used to compromise information systems security.

Only members of the administrative team are authorized to acquire, possess, and use hardware or software tools that can be used to compromise information systems security. These tools will not be used without the approval of the Director of Technology, and the approval must be in writing. The tools will be used only for specific, time-limited functions and then their use must be stopped.

Users will not use company computers for personal use.

IT personnel are authorized to uninstall non- supported programs or programs installed for personal use. IT personnel are authorized to delete any data files, without warning to the owner of those files, that are clearly created and used for non- company activities.

After the information security policies are written, you must write the e-policies. Only then will you be ready to implement security technologies, which we will discuss in the Chapter 24, “Exchange Server Security,” and Chapter 25, “Securing Exchange Server 2003 Messages.”




Microsoft Exchange Server 2003 Administrator's Companion
Microsoft Exchange Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735619794
EAN: 2147483647
Year: 2005
Pages: 254

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net