GOVT GRADUATE COLLEGE ABDULLAH PUR
FAISALABAD
NAME:-
MUHAMMAD REHAN
CLASS:-
BS-Commerce (7th semester)
Submitted to:-
Prof-sir Saad Gujjar
Subject:-
E-Commerce
Topic :-
Internet security policy
Date:- 05/04/2024
Internet security policy
An exploratory investigation of the use of an Internet security policy to manage the Internet
security problem for organizations.
An Internet security policy for an organization can be defined as:
• the medium by which Internet security requirements for the organization are specified
• and the means by which guidance and rules are provided to Internet participants within
the business.
Internet Security Policy- Objectives
An Internet security policy for an organization has four main objectives:
• to specify Internet security requirements for the organization;
• to provide guidance and rules to employees concerning Internet usage issues;
• to protect the company from legal liability in Internet usage;
• and to maximize effective business Internet usage while minimizing risk and
restrictiveness.
Internet Security Policy – Internet Risks
• The policy should consider all Internet risks, and the likelihood and impact of such risks
occurring.
• Historical statistics of actual breaches, security experts and professional opinion can be
drawn on.
• define each Internet risk type;
• illustrate each Internet risk type by highlighting the most prevalent and damaging
Internet risks for that risk type;
• discuss possible impacts of each Internet risk type on the company and its employees
• discuss possible Internet security policy countermeasures.
Internet Security Policy - Administrative issues
Administrative and operational tasks need to be considered and defined.
For example:
• procedures for applying, monitoring and auditing Internet security policies are required;
• the feasibility of such tasks should be considered (for example, are there sufficient
resources to carry them out?).
Internet Security Policy - Technical Issues:-
• The company must also consider what it is willing to spend on additional technologies to
improve Internet security,
• and formulate a policy which to a large extent foreshadows the acquisition of these
technologies
Internet Security Policy - Human Issues:-
• Human issues such as "freedom of Internet use", "privacy" and "censorship" are
illustrative of the personal concerns which the end users, in this case, employees,
will have in Internet security and usage
• It is worth noting here that what may seem best from an organizational and
managerial viewpoint may not seem best from the employees' perspective
• Different perspectives must be obtained for drafting the policy
Internet security policy-content
1 Purpose and scope of policy:-
The purpose of this policy is to protect the (organization's name) network and
data from unauthorized access, corruption, or service disruption as a result of Internet
usage. This policy applies to all staff of the (organization's name) whether they are
permanent, temporary, auxiliary, contracted or seconded
2 Internet privacy policy:-
The policy should include details of any Internet privacy services provided (for example,
anonymity in Internet activity), technological measures provided (for example, provisions
of email encryption facilities), and any necessary infringements of employee privacy (for
example, logging of employee Internet activity, and scanning of employee email). It is
ethical to inform employees of the need for such monitoring, exactly what is being
monitored, and who has access to that information.
3 Internet responsibility and accountability policy:-
There must be a statement of the Internet security roles and responsibilities of personnel,
including network administrators, the IT security manager, the IT function, business unit
managers, and other employees. Employee accountability, achieved via monitoring,
surveillance and sanctions, must be stated.
4 Internet information protection policy:-
This policy should define the corporate data and Web sites which require protection from
the outside world. It should also include a policy for storing sensitive data in a safe place,
inaccessible to Internet intruders, and for disposing of sensitive corporate data (i.e.
clearing and purging of unrequired classified data from Internet-accessible servers).
Finally, it should define back-up procedures for backing up sensitive corporate data
residing on Internet accessible servers.
5 Internet information access policy:-
This policy should specify Internet access requirements to internal data and web sites for
different parties (for example, groups of employees, individual employees, suppliers). A
policy for requesting Internet access privileges and Internet services is also required.
The Internet information access policy is supplemented by the Internet firewall policy.
6 Firewall policy:-
For example, a firewall policy may permit the following accesses:
• email in both directions;
• both internal and external hosts are allowed to "ping" the firewall (for connectivity
testing);
• both incoming and outgoing Domain Name Service (DNS) requests;
• non-anonymous File Transfer Protocol (FTP);
• unrestricted World Wide Web access.
7 Internet publication policy:-
There should be a policy detailing guidelines for the division, allocation, electronic
publication and dissemination of information over the Internet.
8 Internet audit policy:-
A policy regarding the auditing of Internet accesses, as well as of the Internet security policy
itself, is required.
9 Internet incident response policy:-
Contingency plans, back up procedures and disaster recovery steps
10 Email policy:-
Email usage policy, often known as email policy, refers to the rules and regulations that an
organization mandates its users to follow while using their business email address.
Members of an organization should abide by the guidelines set in the email policy
whenever they send emails from their corporate email address.