Professional Documents
Culture Documents
Computer and Internet Security Policy
Computer and Internet Security Policy
Computer and Internet Security Policy
Student's Name
Institutional Affiliation
Instructor's Name
Technological advancements in the cyber sphere have led in enhanced efficiency and
risks in the current day. Most businesses in today's world have integrated and implemented cyber
technology into the running of their systems, increasing production efficiency but jeopardizing
their cybersecurity (Hatzivasilis, 2020). Hackers have developed sophisticated techniques for
accessing a company's cyber networks and leeching data that might hurt the company as
technology progresses. Because of the risks involved with technological advancement and the
guide staff in operating the systems in order to protect and preserve the firm's information
system.
A company's computer and internet security guidelines are established as processes via
which personnel seek to increase responsible internet and cyber system usage (Hatzivasilis,
2020). The regulations also assist the organization in maintaining employee conduct as well as
Cybersecurity standards also ensure that the company can adequately inspect its systems
(Hatzivasilis, 2020). As a Chief Security Officer, one requires a computer and email acceptable
use policy, an Internet acceptable use policy, a password protection policy, and a social media
and blogging policy. Based on this, this paper will a thorough discussion of the four policies
which can be implemented in an organization to prevent and reduce the risks associated with
weak cybersecurity,
The Chief Security Officer (CSO) is in charge of the entire security policies of the
company, with both physical and cyber security, to assist firms in mitigating major risks and
3
minimizing loss. A CSO in a company is the departmental leader and the person in charge of
dealing with essential aspects of information security and managing core business activities
without serious security difficulties (Cram et al., 2017). The CSO responds rapidly to
information security issues and identifies critical flaws to stop potential security vulnerabilities.
CSOs also actively participate in the execution of security policies and aim to work on the
primary risk-related areas. Computer and internet security is critical, and enterprises should
concentrate on developing strong security procedures to avoid cyber-attacks and reduce the key
The acceptable computer use policy comes first. This policy oversees the usage of
computers and emails inside the company and addresses a wide range of topics, covering
computer and email permissions, roles, rights, and consequences (Sohrabi Safa et al., 2016).
Different organizations have their Computer and Email Acceptable Use Policies, which Chief
Security Officers develop (CSOs) in collaboration with the administration and after consultation
with many stakeholders, including workers. Computer and Email Acceptable Use Policies not
only control the use of emails and computers but also strengthen the company's entire ICT
policy, safeguarding both the firm and its personnel (Sohrabi Safa et al., 2016). Restrictions
placed on persons who violate the policy are an important component of the policy papers
because they assist in dissuading individuals from violating the policy and also give guidance on
what should be done if such an occurrence occurs. Another key component of the policy is
safeguarding the organization from liabilities if individuals participate in unlawful activity. For
the policy to be successful, all stakeholders affected by it should be notified of it and its content,
As the organization's CSO, I want to guarantee that the firm's resources are utilized for its
intended goals. The following criteria will be included in the method I will build and apply to use
the organization's computers properly. The first step is to guarantee that the organization's
computers are never utilized for personal purposes, such as keeping individual files or for
amusement. Second, without the authorization of the IT leader, nobody should introduce any
writeable disk into the organization's machines or install any software or application. Third,
every component of the institution's computers should be taken at its facilities (Sohrabi Safa et
al., 2016). If someone discovers an issue with their computer, they should notify the IT
department, which will assist in dealing with the situation adequately. These are the appropriate
must take preventative precautions to protect their technology and computer assets in order to
avoid significant risks. Protect the companies and essential assets from security events. Both
policies are critical in protecting corporate activities from security threats. Companies can tailor
the necessary security procedures with computer security rules and acceptable usage policies
(Sohrabi Safa et al., 2016). These security policies are necessary and crucial to put up the finest
security measures for the business to safeguard the business from expensive damages and
unknown situations.
The following principles and restrictions will be included in the email acceptable usage
policies I will create for the business. First and foremost, the sole email address employed in any
should refrain from utilizing their email to login into the organization's system or employ the
approved company's email to send or receive communications (Hatzivasilis, 2020). The firm's
5
email address should be used to avoid signing up for personal internet platforms. Without
authority or direction from leadership or the IT department, no one should view documents sent
to the company's email. Employees will receive regular training and upgrades to protect them
against email dangers like phishing assaults. These standards will allow the company to avoid
email-related cyber-attacks while ensuring that its email is only utilized for legitimate purposes.
The Chief Security Officer (CSO) is also in charge of implementing enterprise security
policies to prevent undesirable security events and vulnerabilities. Users must observe all of the
criteria established by the managers in the acceptable usage policy to preserve the business's
important data assets and infrastructure security (Hatzivasilis, 2020). Many businesses and other
sectors are eager to develop acceptable usage standards to concentrate on protecting critical
corporate assets and other infrastructure. In the acceptable usage policy, users must therefore
check in with an internet provider so that the appropriate security mechanism can be
The Internet, often known as the World Wide Web, is vast and comprises positive and
harmful elements that may help a business flourish or jeopardize its cybersecurity. Because of
these variables, it is necessary to guarantee that the Internet is utilized for the organization's
benefit and does not expose it to cyber-attacks or make it less efficient (Hatzivasilis, 2020). The
Internet includes entertainment and other factors that might disrupt workers' concentration and
focus, affecting organizational productivity because most of the time is spent on the Internet
rather than working. Hackers utilize other domains to induce individuals to open documents,
files, URLs, or register to obtain entry to the company's system and obtain all of the information
they require, which may harm the firm (Edge & O’Donnell, 2016). Other websites on the
6
Internet might infect the system with malware, leading the system to malfunction or modify and
keep the company's data hostage. Individuals and organizations suffer security concerns and
other risks due to many human mistakes and security gaps. Because of the hazards connected
with acceptable internet use, there is a need to implement regulations allowing the organization's
The Chief Security Officer (CSO) establishes all security rules and procedures to defend
the corporate structure from unwelcome events. CSO establishes security principles and policies
to safeguard corporate assets from unfavorable conditions (Edge & O’Donnell, 2016). Protect
corporate company assets, sustain regulatory requirements policies and processes, avoid
responsibility for offensive online material, and avoid loss of productivity and other associated
activities. Furthermore, Internet-acceptable use regulations preserve regulatory audit controls and
adhere to security criteria by the end of the day, allowing major security concerns and disasters
Officer established the relevant rules and a secure platform for the organization (Edge &
O’Donnell, 2016).
The following will be included in the internet acceptable usage regulations that I will
write as the organization's CSO. The Internet should be utilized solely for work-related activities
and research to gain information on better job performance, not for amusement or any other
personal cause (Hatzivasilis, 2020). When utilizing the company's Internet, online entertainment
outlets and social accessibility should be banned and prohibited. The Internet should only be
used to connect the channels and sites that the employer approves. No one should link their
gadgets to the Internet of the firm. The internet wires linked to the machines should not be
tampered with, and any problems with the network should be reported promptly to the IT
7
department. These principles will allow the organization's Internet to be used fairly to boost
Passwords serve as the first line of defense for user accounts inside the system, rendering
them an essential component of the computer and system security. According to Hatzivasilis
(2020), shoddily selected passwords pose a significant risk to the firm's protection since bad
actors may quickly access and exploit them to undermine the organization's information, assets,
and systems. As a result, all stakeholders having access to the company's network, particularly
suppliers, contractors, and employees, are responsible for implementing the methods indicated in
this Password Protection Policy to choose and safeguard their passwords (Hatzivasilis, 2020). It
is worth noting that the major goal of this policy is to establish guidelines for establishing strong
passwords, securing the selected passwords, and deciding how frequently passwords should be
updated. The scope of this policy includes any personnel who are accountable for or have an
account or any access needing or enabling passwords in any network based at any of the
company's locations. It also pertains to people who have access to the firm's networks or
who has access to the system's level, which is accomplished through the login credentials
provided. It is also necessary to identify the scenario's access via login information, such as
passwords and password combos required before logging into the system (Hatzivasilis, 2020).
Passwords are vital security features that every employee should have and keep secret to protect
data individuals from accessing the company's system. Because passwords are so important, a
policy should be in place to help employees secure their passwords. Passwords, for example,
8
must be reset every 90 days; users must use secure passwords with at least eight characters,
CSO adheres to all security requirements to give companies the finest security
mechanisms and control susceptible occurrences before the end of the day. Using inadequate and
weak passwords can harm the whole corporate structure and reduce the number of vulnerable
situations by the end of the day. The CSO may handle main security operations and create robust
internet and password security rules in unpredictable and susceptible situations (Edge &
O’Donnell, 2016). As a result, the password protection policy I will create contains the
conditions and rules listed below. First, each employee should create an eight-digit password that
includes lowercase and uppercase letters, numbers, and symbols. The password should not
contain their initials, dates of birth, or any other frequently learned personal information. The
password should be remembered rather than written on any material near their working locations
(Hatzivasilis, 2020). The password should be kept private, updated, and altered thrice. Nobody
should configure their computers to retain their passwords all the time. These standards and
regulations will allow secure access to the company's system while prohibiting unauthorized
Large IT businesses are now employing CSOs coming from external enterprises and
allocating them security-related tasks so that they may work on mitigation measures. To give the
greatest outcomes, CSOs must be capable of providing the best results while minimizing serious
security risks by the end of the day. By the end of the day, employees in firms are working
diligently on password rules and adhering to strict security requirements (Edge & O’Donnell,
2016). Based on this, employees should only share their passwords within their businesses and
should utilize strong passwords of at least eight characters. Following a robust password
9
protection strategy may reduce numerous security problems and avoid the usage of simple
The company realizes the importance of the internet in influencing public perceptions
about the entity, its partner organizations, clients, workers, and current and future products, and
values employees' contributions to influencing the company's orientation and discussion through
interactions via social media and blogging. The firm also knows that workers can contribute to or
operate blogs and social media profiles on multiple platforms, as well as participate in online
community programs on their own or at the request of the corporation or its clients. In this
respect, the firm guarantees its personnel that it is dedicated to supporting their freedom to
participate ethically and insightfully via blogs and social media. This strategy not only tackles
difficulties that may develop due to negligent use of social media and blogging but also gives a
framework for utilizing these platforms (Chen et al., 2015). This policy, together with the current
rules, disciplinary system, and code of conduct, must be read and implemented by all workers.
The strategy is focused on two essential components: promoting the company on social media
The firm enables its workers to use social media and other internet platforms at work;
nevertheless, it is required that they be appropriate and act in a manner that does not interfere
with their productivity. All staff is urged to limit their time spent on social media to a few
minutes at intervals. When publishing inline, it is anticipated that all workers would be conscious
of the company's confidentiality regulations. Workers should thus be attentive, polite, and
courteous and evaluate how their online behaviors may affect other employees and the business
(Chen et al., 2015). Harassing, intimidating, inappropriate, incorrect, inaccurate, and poorly
10
phrased posts can harm employees and destroy colleague relationships. Moreover, this can harm
the company's brand, hinder the organization's efforts to improve collaboration, and harm the
company's relationships with customers, vendors, and other partners. Employees who engage in
such behavior may face disciplinary action, even termination. Employees are advised to avoid
disparaging, insulting, and defamatory information, not to disclose intellectual property on their
social media sites, and to guarantee that the information on their accounts does not reflect the
company's viewpoint.
Employees should inform their superiors know when writing a blog or constructing a
website that will reference the firm, its stakeholders, or its existing and planned goods. This will
enable the supervisor to examine the blog or website and grasp the writer's point of view. The
organization also pushes its staff to write material for their blogs and web pages accurately and
about the firm, its stakeholders, and goods might be developed based on information on the
Other workers' privacy rights should be protected by obtaining their consent before
showing or publishing anything that may violate their privacy and confidentiality (Edge &
O’Donnell, 2016). Workers are legally accountable for the material they publish online. The
company can reprimand them for photos, content, or opinions that are slanderous, abusive,
private, obscene, defamatory, or create a hostile work environment. The corporation or any other
impacted stakeholders may also prosecute these persons. To maintain compliance with this
policy, firm management will regularly monitor postings on individual social media and
blogging profiles. Noncompliance with this policy includes inflammatory comments and remarks
11
aimed at the internet group, revealing of personal information, and failure to meet social media
Conclusion
The purpose of this document was to create a computer and internet security policy for
the organization that includes social media and blogging policies, password protection policies,
internet acceptable use policies, and computer and email guidelines. The discussion has
recognized that a computer and online security policy encompasses a variety of characteristics
that are primarily aimed at safeguarding both staff and the company from numerous concerns
that may occur from the usage of computers and the internet. Computer and Email Acceptable
Use Policies not only limit the utilization of emails and computers but also strengthen the
company's current ICT policy, safeguarding both the firm and its personnel. The Password
protection policy aims to establish guidelines for developing strong passwords, securing the
selected passwords, and defining how frequently passwords should be updated. The social media
and blogging policy not only addresses difficulties that may come from improper use of social
media and blogging but also gives a structure for using these channels. An acceptable internet
usage policy outlines an institution's internet use and covers various topics relating to internet
usage, like consequences, benefits, rights, and obligations. To guarantee that the computer and
internet security policy is successful and achieves the aims for which it was formed, its elements
should be widely advertised among the essential stakeholders to ensure that they comply with the
stated standards.
12
References
Chen, Y., Ramamurthy, K. (R., & Wen, K.-W. (2015). Impacts of comprehensive information
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational Information Security
Edge, C., & O’Donnell, D. (2016). Infosec acceptable use policy. Enterprise Mac Security, 487–
493. https://doi.org/10.1007/978-1-4842-1712-2_19
Hatzivasilis, G. (2020). Password management: How secure is your login process? Model-
https://doi.org/10.1007/978-3-030-62433-0_10
Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
https://doi.org/10.1016/j.cose.2015.10.006