Running head: INTERNET SECURITY POLICY

Internet Security Policy

INTERNET SECURITY POLICY Internet Security Policy An Internet security policy developed for a telecommunications service provider,

namely Sprint Nextel is aimed at eliminating the Internet abuse and ensuring proper usage of the Internet in the context of the companys needs. Three managers from the IT department will be responsible for successful implementation of this security policy. The program consists of fundamental technologies, including IPSec protocols, digital certificates, firewalls, antivirus programs and intrusion detection systems. The managers from the IT department have an access to a server, which helps to monitor the incoming traffic and keep track of all web pages visited by employees. On the other hand, it is a certain level of control. Employees should be informed about the responsible use of the Internet with the help of Companys Code of Conduct and Security Policy guidelines. The company should allow the noncommercial usage of personal emails, but it should be limited to a certain size of emails and files attached to the documents. The security policy prohibits the misuse or unauthorized use of sensitive or confidential information that can be disruptive for other employees or the company in general. The security technologies will be able to detect any criminal activity, which is absolutely prohibited, within the Internet. The company should involve the software to detect the offensive and harassing materials sent to the employees email, which should be automatically moved to the junk folder. Copyrighted, licensed and other intellectual property should be defined by the Unites States Copyright law. The managers should develop a well-protected storage for materials and ability for their restoration in case of the system failure. The IT managers should report any violations of the Internet use within a 3-month period to the employer. Virus protection should be provided for all computers with the help of antivirus software and firewalls. Physical security should be provided by the IT department, where physical access to a personal computer can

INTERNET SECURITY POLICY be done through the login and password of an authorized user. Encryption technologies should be incorporated in order to enhance the system security and ensure the protection of personal, sensitive, and confidential information.

The IT managers should report any Internet abuse. The examples of the Internet abuse should be mentioned in Security Policy guidelines where among them can be spending time on social networking sites as well as the release of corporate information on the Internet. The penalties for these violations should be divided into several categories: prevention measures, disciplinary actions and firing. The Internet security policy should be reviewed within 3 months. It is necessary to make some changes, learn from mistakes and improve the efficiency. Any modification should be researched by the experienced employees where benefits and drawbacks should be outlined. Once it is accepted, the rules and regulations should be included into Security Policy guidelines for employees to become aware of it. Modifications should respond to the companys needs and be approved by the employer. An employee is liable for any breach intentionally caused to the companys property. The solution can be found through employee compensation due to wage reduction, or employee termination. If the damage was caused due to negligence, the employer should take into account the level of damage, cost for repair, the employees general performance and duties and possibilities for insurance of the damage.