The scenario is the organisation for which I work has no Internet use policies and therefore the employee’s uses the company assets for their own personal use which can be harmful for organisation. Therefore the organisation needs to implement internet security policies. The following IT security policies are been considered with the level of protection for each policy are been considered:
Policy for Internet Use:
The usage of internet during the working hours in the organisation is authorized for conducting the business of the organisation. Internet use introduces probability of breaching the confidential information of organisation. It also introduces possibility of contamination through spyware and viruses. Spyware in the system gives the access of confidential information of the system to the unauthorised user. The access gained by them may harm the organisational operation. Therefore internet use policies restrict the use of other website in the organisational systems which are not authentic (Shepherd & Meijas, 2016). The use of non-business-related site is been strictly prohibited by this policy. Removing of spyware or viruses is done by IT staff of the organisation. Due to this reason the staffs are been asked to work appropriately at the time of work and limit the usage of internet by visiting other harmful site. If the employees do these types of action then this policy can bound the organisation to take action against it and terminate employment.
Policy for the External Device Usage:Access Control:
ITD possesses the power of refusal through both physical as well as non-physical ways, the capability of connecting mobile devices to a college-linked setup. ITD engages in alike act if it senses these tools are being utilized in a means which puts the businesses users, data, systems and even students at danger. Before initially using on the university setup or such substructure, all the mobile devices needs to be listed under ITD. ITD will retain a list of sanctioned mobile devices and pertinent software applications as well as utilities, which will be stocked on the Website of the business. Unregistered or unlisted mobile devices will not be connected to university set-up. If devices that one prefers are not seen on the list, the individual can contact the assistance desk (French, Guo & Shim, 2014). Even though ITD at present is allowing specifically registered devices to be attached to the business set-up, it solely possesses the right f updating this list at any point of time.
Policy for Employee Identification:
- Commitment of Sentiment: It is assumed as an employee’s positive emotional attachment with the business. Such employees links themselves very strongly with company’s objectives and looks forward to continue with the business as they wants to do it wilfully.
- Commitment of Continuation: The emotional percentage is mostly arguable and employee identifies it as very pricey in losing the membership of the organization. It can be for several causes like – right from monetary expenses of remuneration and welfares to social expenditures of relations and status. These employees’ continue with the business as they are strongly associated.
- Normative Commitment: It is a part where the employees play an important role to the organizations they are attached. They feel for returning the value for the commitments that is already being made by her/him by the particular organization. The aspect for the loyalty is considered strong due to the value of the perceptions for the individuals of the behaviour or due to the norms that are active socially for the application of the context and relating the entire environment of that organization(Henderson et al., 2015).
Computer Use Policy:
This type of policy is considered for all the employees for the utilizations of the computer, laptop, PDA or any particular device for the connection of the network of the company. It is considered as a responsibility for every employee for the maintenance in a professional and an ethical manner without violating any sort of rules. By agreeing and signing the policy, every employee abides by the following rules:
- Do not publish, email, or distribute any content that is offensive and or obscene
- Do not print, download or store any files or services thathave sexually explicit content
- Do not send picture, photograph, and drawing or similar visual representation displaying sexual content
- Do not view any sort of websites or send emails that can promotesviolenceor crime
- Do not view any websites or send emails for the promotions or for the criticizing religious beliefs
- Do not view or send Illegal material, such as child pornography
- Do not view or send information that is sexual in nature that can be considered harassment
French, A. M., Guo, C., & Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own Device (BYOD). CAIS, 35, 10.
Henderson, A., Cheney, G., & Weaver, C. K. (2015). The role of employee identification and organizational identity in strategic communication and organizational issues management about genetic modification. International Journal of Business Communication, 52(1), 12-41.
Shepherd, M. M., & Mejias, R. J. (2016). Nontechnical deterrence effects of mild and severe Internet use policy reminders in reducing employee Internet abuse. International Journal of Human-Computer Interaction, 32(7), 557-567.