Computer and Internet Security Policy


Student's Name

Institutional Affiliation

Course Number and Name

Instructor's Name

Assignment's Due Date



Technological advancements in the cyber sphere have led to enhanced efficiency and to new risks in the current day. Most businesses in today's world have integrated and implemented cyber technology into the running of their systems, increasing production efficiency but jeopardizing their cybersecurity (Hatzivasilis, 2020). As technology progresses, hackers have developed sophisticated techniques for accessing a company's cyber networks and leeching data that might hurt the company. Because of the risks involved with technological advancement and the utilization of technology in corporations, rules, regulations, and procedures must be developed to guide staff in operating the systems in order to protect and preserve the firm's information system.

A company's computer and internet security guidelines are established as processes through which personnel seek to increase responsible internet and cyber system usage (Hatzivasilis, 2020). The regulations also assist the organization in maintaining employee conduct as well as proliferating and disseminating information within the technological information system. Cybersecurity standards also ensure that the company can adequately inspect its systems (Hatzivasilis, 2020). A Chief Security Officer requires a computer and email acceptable use policy, an Internet acceptable use policy, a password protection policy, and a social media and blogging policy. Accordingly, this paper provides a thorough discussion of these four policies, which can be implemented in an organization to prevent and reduce the risks associated with weak cybersecurity.

Computer and Email Acceptable Use Policy

The Chief Security Officer (CSO) is in charge of the company's entire security policy, covering both physical and cyber security, to assist firms in mitigating major risks and minimizing loss. A CSO in a company is the departmental leader and the person in charge of dealing with essential aspects of information security and managing core business activities without serious security difficulties (Cram et al., 2017). The CSO responds rapidly to information security issues and identifies critical flaws to stop potential security vulnerabilities. CSOs also actively participate in the execution of security policies and aim to work on the primary risk-related areas. Computer and internet security is critical, and enterprises should concentrate on developing strong security procedures to avoid cyber-attacks and reduce the key risks to the business.

The acceptable computer use policy comes first. This policy oversees the usage of computers and emails inside the company and addresses a wide range of topics, covering computer and email permissions, roles, rights, and consequences (Sohrabi Safa et al., 2016). Different organizations have their own Computer and Email Acceptable Use Policies, which Chief Security Officers (CSOs) develop in collaboration with the administration and after consultation with many stakeholders, including workers. Computer and Email Acceptable Use Policies not only control the use of emails and computers but also strengthen the company's entire ICT policy, safeguarding both the firm and its personnel (Sohrabi Safa et al., 2016). Restrictions placed on persons who violate the policy are an important component of the policy documents because they help dissuade individuals from violating the policy and also give guidance on what should be done if such a violation occurs. Another key component of the policy is safeguarding the organization from liabilities if individuals participate in unlawful activity. For the policy to be successful, all stakeholders affected by it should be notified of it and its content, guaranteeing that they follow its requirements.


As the organization's CSO, I want to guarantee that the firm's resources are utilized for their intended goals. The following criteria will be included in the method I will build and apply for the proper use of the organization's computers. First, the organization's computers are never to be utilized for personal purposes, such as keeping individual files or for amusement. Second, without the authorization of the IT leader, nobody should introduce any writeable disk into the organization's machines or install any software or application. Third, every component of the institution's computers should be taken at its facilities (Sohrabi Safa et al., 2016). If someone discovers an issue with their computer, they should notify the IT department, which will assist in dealing with the situation adequately. These are the policies I have created for the appropriate use of the firm's computers.

Because technology is such a crucial tool in almost every industry, organizations must take preventative precautions to protect their technology and computer assets in order to avoid significant risks and to protect the companies and essential assets from security events. Both policies are critical in protecting corporate activities from security threats. Companies can tailor the necessary security procedures with computer security rules and acceptable usage policies (Sohrabi Safa et al., 2016). These security policies are necessary and crucial for putting in place the finest security measures to safeguard the business from expensive damages and unknown situations.

The following principles and restrictions will be included in the email acceptable usage policies I will create for the business. First and foremost, the sole email address employed in any company communication ought to be the authorized organization's email address. Individuals should refrain from utilizing their email to log in to the organization's system or employ the approved company's email to send or receive communications (Hatzivasilis, 2020). The firm's email address should be used to avoid signing up for personal internet platforms. Without authority or direction from leadership or the IT department, no one should view documents sent to the company's email. Employees will receive regular training and upgrades to protect them against email dangers like phishing assaults. These standards will allow the company to avoid email-related cyber-attacks while ensuring that its email is only utilized for legitimate purposes.

The Chief Security Officer (CSO) is also in charge of implementing enterprise security policies to prevent undesirable security events and vulnerabilities. Users must observe all of the criteria established by the managers in the acceptable usage policy to preserve the business's important data assets and infrastructure security (Hatzivasilis, 2020). Many businesses and other sectors are eager to develop acceptable usage standards to concentrate on protecting critical corporate assets and other infrastructure. In the acceptable usage policy, users must therefore check in with an internet provider so that the appropriate security mechanism can be implemented and the organization is protected from unpleasant scenarios.

Internet Acceptable Use Policy

The Internet, often known as the World Wide Web, is vast and comprises positive and harmful elements that may help a business flourish or jeopardize its cybersecurity. Because of these variables, it is necessary to guarantee that the Internet is utilized for the organization's benefit and does not expose it to cyber-attacks or make it less efficient (Hatzivasilis, 2020). The Internet includes entertainment and other factors that might disrupt workers' concentration and focus, affecting organizational productivity because most of the time is spent on the Internet rather than working. Hackers utilize other domains to induce individuals to open documents, files, or URLs, or to register, in order to obtain entry to the company's system and obtain all of the information they require, which may harm the firm (Edge & O’Donnell, 2016). Other websites on the Internet might infect the system with malware, causing the system to malfunction or modifying the company's data and holding it hostage. Individuals and organizations suffer security concerns and other risks due to many human mistakes and security gaps. Because of the hazards connected with internet use, there is a need to implement regulations allowing the organization's personnel to use the Internet responsibly.

The Chief Security Officer (CSO) establishes all security rules and procedures to defend the corporate structure from unwelcome events. The CSO establishes security principles and policies to safeguard corporate assets from unfavorable conditions (Edge & O’Donnell, 2016). The aims are to protect corporate assets, sustain regulatory requirements, policies, and processes, avoid responsibility for offensive online material, and avoid loss of productivity and other associated activities. Furthermore, Internet acceptable use regulations preserve regulatory audit controls and adhere to security criteria by the end of the day, allowing major security concerns and disasters to be contained. In order to prevent undesirable security vulnerabilities, the Chief Security Officer established the relevant rules and a secure platform for the organization (Edge & O’Donnell, 2016).

The following will be included in the internet acceptable usage regulations that I will write as the organization's CSO. The Internet should be utilized solely for work-related activities and research to gain information on better job performance, not for amusement or any other personal cause (Hatzivasilis, 2020). When utilizing the company's Internet, online entertainment outlets and social accessibility should be banned and prohibited. The Internet should only be used to connect to the channels and sites that the employer approves. No one should link their gadgets to the firm's Internet. The internet wires linked to the machines should not be tampered with, and any problems with the network should be reported promptly to the IT department. These principles will allow the organization's Internet to be used fairly to boost productivity instead of jeopardizing its cybersecurity (Hatzivasilis, 2020).

Password Protection Policy

Passwords serve as the first line of defense for user accounts inside the system, rendering them an essential component of computer and system security. According to Hatzivasilis (2020), poorly chosen passwords pose a significant risk to the firm's protection since bad actors may quickly access and exploit them to undermine the organization's information, assets, and systems. As a result, all stakeholders having access to the company's network, particularly suppliers, contractors, and employees, are responsible for implementing the methods indicated in this Password Protection Policy to choose and safeguard their passwords (Hatzivasilis, 2020). The major goal of this policy is to establish guidelines for creating strong passwords, securing the selected passwords, and deciding how frequently passwords should be updated. The scope of this policy includes any personnel who are accountable for or have an account or any access needing or enabling passwords in any network based at any of the company's locations. It also pertains to people who have access to the firm's networks or maintain firm information that is not accessible to the general public.

Access to the organization's structure should be regulated and managed by approving who has access to the system's level, which is accomplished through the login credentials provided. It is also necessary to identify the scenario's access via login information, such as passwords and password combinations required before logging into the system (Hatzivasilis, 2020). Passwords are vital security features that every employee should have and keep secret to protect data from individuals accessing the company's system. Because passwords are so important, a policy should be in place to help employees secure their passwords. Passwords, for example, must be reset every 90 days; users must use secure passwords with at least eight characters, validate system-level passwords, and resist using popular passwords.

The CSO adheres to all security requirements to give companies the finest security mechanisms and control susceptible occurrences before the end of the day. Using inadequate and weak passwords can harm the whole corporate structure and reduce the number of vulnerable situations by the end of the day. The CSO may handle main security operations and create robust internet and password security rules in unpredictable and susceptible situations (Edge & O’Donnell, 2016). As a result, the password protection policy I will create contains the conditions and rules listed below. First, each employee should create an eight-digit password that includes lowercase and uppercase letters, numbers, and symbols. The password should not contain their initials, dates of birth, or any other frequently learned personal information. The password should be remembered rather than written on any material near their working locations (Hatzivasilis, 2020). The password should be kept private, updated, and altered thrice. Nobody should configure their computers to retain their passwords all the time. These standards and regulations will allow secure access to the company's system while prohibiting unauthorized parties from entering it, improving system security.

Large IT businesses are now employing CSOs from external enterprises and allocating them security-related tasks so that they may work on mitigation measures. CSOs must be capable of providing the best results while minimizing serious security risks by the end of the day. By the end of the day, employees in firms are working diligently on password rules and adhering to strict security requirements (Edge & O’Donnell, 2016). Based on this, employees should only share their passwords within their businesses and should utilize strong passwords of at least eight characters. Following a robust password protection strategy may reduce numerous security problems and avoid the usage of simple passwords in businesses, which may allow attackers to exploit weaknesses.

Social Media And Blogging Policy

The company realizes the importance of the internet in influencing public perceptions about the entity, its partner organizations, clients, workers, and current and future products, and values employees' contributions to influencing the company's orientation and discussion through interactions via social media and blogging. The firm also knows that workers can contribute to or operate blogs and social media profiles on multiple platforms, as well as participate in online community programs on their own or at the request of the corporation or its clients. In this respect, the firm guarantees its personnel that it is dedicated to supporting their freedom to participate ethically and insightfully via blogs and social media. This strategy not only tackles difficulties that may develop due to negligent use of social media and blogging but also gives a framework for utilizing these platforms (Chen et al., 2015). This policy, together with the current rules, disciplinary system, and code of conduct, must be read and implemented by all workers. The strategy is focused on two essential components: promoting the company on social media and utilizing private social media in the workplace.

The firm enables its workers to use social media and other internet platforms at work; nevertheless, it is required that they be appropriate and act in a manner that does not interfere with their productivity. All staff are urged to limit their time spent on social media to a few minutes at intervals. When publishing online, it is anticipated that all workers will be conscious of the company's confidentiality regulations. Workers should thus be attentive, polite, and courteous and evaluate how their online behaviors may affect other employees and the business (Chen et al., 2015). Harassing, intimidating, inappropriate, incorrect, inaccurate, and poorly phrased posts can harm employees and destroy colleague relationships. Moreover, this can harm the company's brand, hinder the organization's efforts to improve collaboration, and harm the company's relationships with customers, vendors, and other partners. Employees who engage in such behavior may face disciplinary action, even termination. Employees are advised to avoid disparaging, insulting, and defamatory information, not to disclose intellectual property on their social media sites, and to guarantee that the information on their accounts does not reflect the company's viewpoint.

Employees should let their superiors know when writing a blog or constructing a website that will reference the firm, its stakeholders, or its existing and planned goods. This will enable the supervisor to examine the blog or website and grasp the writer's point of view. The organization also encourages its staff to write material for their blogs and web pages accurately and knowledgeably while maintaining professionalism. Regardless of disclaimers, public perceptions about the firm, its stakeholders, and goods might be developed based on information on the website and blogs.

Other workers' privacy rights should be protected by obtaining their consent before showing or publishing anything that may violate their privacy and confidentiality (Edge & O’Donnell, 2016). Workers are legally accountable for the material they publish online. The company can reprimand them for photos, content, or opinions that are slanderous, abusive, private, obscene, defamatory, or create a hostile work environment. The corporation or any other impacted stakeholders may also prosecute these persons. To maintain compliance with this policy, firm management will regularly monitor postings on individual social media and blogging profiles. Noncompliance with this policy includes inflammatory comments and remarks aimed at the internet group, revealing personal information, and failure to meet social media timelines and obligations (Chen et al., 2015).

Conclusion

The purpose of this document was to create a computer and internet security policy for the organization that includes social media and blogging policies, password protection policies, internet acceptable use policies, and computer and email guidelines. The discussion has recognized that a computer and online security policy encompasses a variety of characteristics that are primarily aimed at safeguarding both staff and the company from numerous concerns that may occur from the usage of computers and the internet. Computer and Email Acceptable Use Policies not only limit the utilization of emails and computers but also strengthen the company's current ICT policy, safeguarding both the firm and its personnel. The Password protection policy aims to establish guidelines for developing strong passwords, securing the selected passwords, and defining how frequently passwords should be updated. The social media and blogging policy not only addresses difficulties that may come from improper use of social media and blogging but also gives a structure for using these channels. An acceptable internet usage policy outlines an institution's internet use and covers various topics relating to internet usage, like consequences, benefits, rights, and obligations. To guarantee that the computer and internet security policy is successful and achieves the aims for which it was formed, its elements should be widely advertised among the essential stakeholders to ensure that they comply with the stated standards.

References

Chen, Y., Ramamurthy, K., & Wen, K.-W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11–19. https://doi.org/10.1080/08874417.2015.11645767

Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational Information Security Policies: A review and research framework. European Journal of Information Systems, 26(6), 605–641. https://doi.org/10.1057/s41303-017-0059-9

Edge, C., & O’Donnell, D. (2016). Infosec acceptable use policy. Enterprise Mac Security, 487–493. https://doi.org/10.1007/978-1-4842-1712-2_19

Hatzivasilis, G. (2020). Password management: How secure is your login process? Model-Driven Simulation and Training Environments for Cybersecurity, 157–177. https://doi.org/10.1007/978-3-030-62433-0_10

Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70–82. https://doi.org/10.1016/j.cose.2015.10.006
