Internet Usage Policy of an Organization-Free-Sample for Students

Question: Discuss about the usage and the limitations of Internet Usage Policy of a particular Organization. Answer: Introduction Security policies are set of instructions or rather can be referred to as rules of a particular organization that help the employees to understand the basic constraints of an employee. Internet Usage Policy is the policy that describes about the guidelines and rules of the suitable utilization of the organizations network, equipment, andaccess to internet (Wall, Palvia and Lowry 2013). The Internet Usage Policyis the chief certificate that is signed by all staff members and employees before starting their work in the organization. Violation of these policy norms can end the employee or staff member in prison or he can be penalized. The report outlines the usage and the limitations of Internet Usage Policy of a particular organization. This report clearly defines about the guidelines and the rules of the Internet Usage Policy. It also covers a brief overview, the purpose and the scope of this particular policy. The report also specifies the penalty and the legal actions that are to be taken if there is any kind of violation in the policy. The policy mentions the authorized and the prohibited users. The report also emphasizes on the confidentiality of the information of this Internet Usage Policy. The description of the discussion is given in the following paragraphs. Discussion Security Policy Security policycan be defined as the set of norms or guidelines, which state the security of information or data for a system, company or organization. This policy helps the employees of the organization to understand the rules of the organization and so that there is no violation of rules for the policy (Cheng et al. 2013). For a particular organization, the security policy addresses the limitations or constraints on the conduct of its employees and members as well as limitations inflicted on competitors or challengers by different mechanisms such as locks, keys, doors, and walls (Pieters, Dimkov and Pavlovic 2013). However, the security policy for systems is slight different. In systems, the policy addresses restrictions on functions and move among the functions, limitations on ingress by external competitors, adversaries and systems including access to data and programs by authorized people. There are many systematic strategies of risk assessment and various methodologies to ensur e the comprehensiveness of the security policies and reassure that the policies are completely imposed (Wall, Palvia and Lowry 2013). In various complex systems, such asinformation systems, security policies can be degraded into several sub-policies to facilitate the allotment of security mechanisms to prosecute sub-policies. Internet Usage Policy Internet Usage Policy defines the access and the restrictions of internet in an organization. All employees of that organization follow this policy (Orr, Ptacek and Song 2012). The Internet Usage Policy is applicable to all Internet users, which mean individuals working for the organization that include permanent part-time and full-time employees, business partners, vendors, temporary agency workers and contract workers, who utilizes the Internet through the networking or computing resources (Sommestad et al. 2014). The organization's Internet users are presumed to be well known with and to comply with this internet usage policy, and are needed to exercise good judgment and use their common sense while using the Internet services. Internet is to be accessed for only business purposes. The following Internet services are to be accessed. a) E-mail: Receive or send emails from the Internet that would be with or without attachments. b) File Transfer Protocol (FTP): Sending files or information and receiving incoming data and files, as required for organizational c) Navigation: Employees will get complete access to the Internet and restricted access from the Internet (Sommestad et al. 2014). Management retains the authority to add or remove services as organization needs change and alterations. Internet Access The employee is required to read the Internet usage Policy. He/she will then sign the statement that he or she agrees to comply with the policy. The user does not have any other option except to sign this policy (Choyi and Vinokurov 2012). The employee is granted policy acknowledgement and awareness. After he requests for the internet access, by submitting an IT Access Request form along with an attached copy of a signed Internet Usage Coverage Acknowledgement Form, he will get the access from the IT department. Internet access will be stopped upon completion of contract, resignation of employee, termination of service of non-employee, or legal action arising from violating this policy (Safa, Von Solms and Furnell 2016). All users are given certain ID for their internet access and when they stop working, their IDs are taken back. Utilizing the companys Internet will be supported and given only if practicable business requirements are recognized (Berger 2014). Internet access will be allowed on the basis of the current job responsibilities of a staff member. When an employee shifts to any other business unit or changes his job functions, a new request for Internet access must be submitted to IT department within 5 days (Vance and Siponen 2012.). The requirements will be reviewed on a monthly basis by the organization. Allowed Usage Internet usage is given for the purpose of doing business activities and to carry out the job functions (Cheng et al. 2013). All employees must follow the principles of the organization regarding usage of Internet. The access of Internet can include: Communication between the employees for business purposes; Downloading software patches and upgrades; Viewing possible websites for the product information; For technical information. Personal Usage The employees do not have the right to use the companys Internet for their personal reasons. However, if the reason is genuine, the employee can take permission from the authority and access the Internet (Orr, Ptacek and Song 2012). Users, who opt to transmit or store their personal information such as credit card numbers, private keys, or any confidential access, do so at their own risk. The organization is not responsible for any kind of breaching or loss of information. Prohibited Usage The employees are not allowed to access any illegal web sites and access data from those web sites (Bayuk et al. 2012). Storage, acquisition and usage of information that is not legal, or that negatively protrays sex, race or creed is highly prohibited. The organization also stops the behavior of a political activity that is engaging in fraudulent activities, and in any structure of intelligence collection from the provisions. Other activities are strictly prohibited. The activities include: Access of company information which is not within the opportunity of an individuals work (Berger 2014). This includes unauthorized access of personnel file information, reading of customer account information, and accessing information, which is not needed for the proper completion of job functions. Disclosing or misusing without perfect permission, and changing customer information. This includes making unauthorized alterations to a file or sharing personnel data with unauthorized users (Choyi and Vinokurov 2012). Any behavior that would encourage a criminal offense, or violate any regulations, state, national or international, local law. Transmission, use, voluntary or duplication receipt of material that infringes on the trademarks, copyrights or patent rights of any organization or person. Transmission, use of any confidential or sensitive information without any proper controls. Transmission, creation, posting or voluntary receipt of any threatening, offensive, unlawful, harassing material, including comments that are based on national origin, race, sex, age, religion, political beliefs or disability (Orr, Ptacek and Song 2012). Any type of gambling. Downloading of any unauthorized programs for utilization without permission from the IT Department (Pieters, Dimkov and Pavlovic 2013). Ordering or shopping of goods on the Internet. Accessing of any games. The above-mentioned activities are strictly prohibited as per the Internet Usage Policy of an organization. The employees should make sensible efforts to use the internet in ways that do not affect other employees (Banuri et al. 2012). Specific departments should set regulations on resource allocation and bandwidth use, and should ban downloading of particular file types. Software License The organization strongly supports strictness to software vendors license agreements. When at work, or when company computing or networking resources are employed, copying of software in a manner that is not consistent with the vendors license is strictly prohibited (Ifinedo 2012). Similarly, production of materials that are available over the Internet must be done only with the written permission of the owner or author of the document. Permission is necessary if the user is wanting to make copies of contents that already exists. Copies of materials can be anything including journals, magazines, books, newsletters or other online documents (Neisse, Steri and Baldini 2014). Using organizations computer resources to access the Internet for personal purposes, without the approval from the IT department and the users manager, will be considered cause for legal action including and up to termination. The employees who choose to transmit or store their personal information for example the passwords, credit or debit card numbers, private keys, encrypted certificates will do so at their own risk (Knapp and Ferrante 2012). This can be quite risky as there is always a chance of hacking in Internet that is accessed by many people. The employees should be careful about their privacy and confidentiality. Review of Public Information All the directories that are publicly written on Internet-connected computers will be cleared and reviewed each month end. This process is required to stop the anonymous exchange of data that are inconsistent with company business (Gouglidis, Mavridis and Hu 2014). Examples of public information that are unauthorized include use of credit and debit cards, pirated information, and passwords. Privacy of the users personal information and data are expected to be secured. These are secured through various functions like monitoring, confidentiality of emails and maintaining a corporate image (Vance and Siponen 2012.). Monitoring The IT department should periodically monitor the internet activities so that the users should be aware of their access and they try to limit their illegal usage and activities (Vance and Siponen 2012.). Management should have the right to check and evaluate the personal file directories, emails, web access and all other information, which are stored on the company computers, at any time without any kind of notice (Ifinedo 2012). This examination and evaluation assures compliance with internet usage policy and the employees are afraid to do any illegal work in office premises. This monitoring will even help the other employees to feel safe and secure. E-mail Confidentiality Confidentiality of personal mails or emails is another major function to secure the privacy of personal and official information. The employees should be aware that a clean text email is not a secured mode of communication (Banuri et al. 2012). There is a chance of hacking in such cases. The organization will not guarantee that electronic communications will be private. The users should be aware that the electronic communications could be intercepted, printed, forwarded, and stored by others. The users should also be aware that once an email is transmitted it might be changed (Orr, Ptacek and Song 2012). Removing an email from an employee workstation will not delete it from the different systems across which the email has been transmitted. Maintaining Corporate Image While using the company resources to use and access the Internet, the users should realize that they represent their company (Bayuk et al. 2012). Whenever the employees state an affiliation to the organization, they must also clearly reflect that the opinions are expressed from their own and not necessarily those of their company. The users should not keep company material for example documentation, press releases, internal memos, and product or usage information on any public news group, mailing list or such service (Gouglidis, Mavridis and Hu 2014). Any posting of materials must be approved by the employees manager and the information technology department and will be kept by an authorized person. All the business units and individuals wishing to develop a WWW home page or site should first develop implementation, business, and maintenance plans (Neisse, Steri and Baldini 2014). Official permission should be acquired through the IT Department. This will maintain publishing and content standards needed to ensure appropriateness ad consistency. Moreover, contents of the material that are made available to the public through the Internet should be formally reviewed and supported before being published (Knapp and Ferrante 2012). All material should be to the Corporate Manager for initial approval to continue. Conclusion Therefore, from the above discussion, it can concluded that security policies are extremely important for all organization. Such policies keep the confidentiality and the authenticity of the company. The report focuses on the Internet Usage policy. This policy defines about the utilization and the limitations of access to internet in an organization. This policy is maintained by all employees. The internet usage policy has some instructions or rules for the employees so that they do not cross their limits while using office internet. The above report points out a set of guidelines that are to be followed by the employees of all organization regarding internet. This policy is extremely beneficial and helpful to mitigate or reduce cyber crime and unnecessary usage of companys internet References Banuri, H., Alam, M., Khan, S., Manzoor, J., Ali, B., Khan, Y., Yaseen, M., Tahir, M.N., Ali, T., Alam, Q. and Zhang, X., 2012. An Android runtime security policy enforcement framework.Personal and Ubiquitous Computing,16(6), pp.631-641. Bayuk, J.L., Healey, J., Rohmeyer, P., Sachs, M.H., Schmidt, J. and Weiss, J., 2012.Cyber security policy guidebook. John Wiley Sons. Berger, T.U., 2014. Norms, Identity, and National Security.Security Studies: A Reader. Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory.Computers Security,39, pp.447-459. Choyi, V.K. and Vinokurov, D., Alcatel Lucent, 2012.System and method of network access security policy management for multimodal device. U.S. Patent 8,191,106. Gouglidis, A., Mavridis, I. and Hu, V.C., 2014. Security policy verification for multi-domains in cloud systems.International Journal of Information Security,13(2), pp.97-111. Ifinedo, P., 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory.Computers Security,31(1), pp.83-95. Knapp, K.J. and Ferrante, C.J., 2012. Policy awareness, enforcement and maintenance: Critical to information security effectiveness in organizations.Journal of Management Policy and Practice,13(5), p.66. Neisse, R., Steri, G. and Baldini, G., 2014, October. Enforcement of security policy rules for the internet of things. InWireless and Mobile Computing, Networking and Communications (WiMob), 2014 IEEE 10th International Conference on(pp. 165-172). IEEE. Orr, D.B., Ptacek, T.H. and Song, D.J., Arbor Networks, Inc., 2012.Method and system for authentication event security policy generation. U.S. Patent 8,146,160. Ouedraogo, W.F., Biennier, F. and Ghodous, P., 2012, April. Adaptive Security Policy Model to Deploy Business Process in Cloud Infrastructure. InCLOSER(pp. 287-290). Pieters, W., Dimkov, T. and Pavlovic, D., 2013. Security policy alignment: A formal approach.IEEE Systems Journal,7(2), pp.275-287. Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations.computers security,56, pp.70-82. Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies.Information Management Computer Security,22(1), pp.42-75. Vance, A. and Siponen, M.T., 2012. IS security policy violations: a rational choice perspective.Journal of Organizational and End User Computing (JOEUC),24(1), pp.21-41. Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and information security policy compliance: The role of autonomy and efficacy.Journal of Information Privacy and Security,9(4), pp.52-79