On Fri, 17 Jun 1994, Lyndon David wrote:
> Is anyone able to send me an example of a corporate security policy
> for an Internet connection? This would be of enormous help.
Comments or suggestions on the following would be welcomed.
The interconnection between X's corporate network and the Internet is provided to support members of X staff, and others involved in supporting X's business in the furtherance of that business. It is recognized that access to the Internet provides
X's employees with a valuable means to enhance their professional development, and they are encouraged to use it for that purpose, but only in ways that are not in conflict with its primary purpose or existing corporate policies.
The following guidelines will be applied to all use of X's interconnection to the Internet. Permission to use this facility will be granted by the system administrator to employees based on this policy. The system administrator shall be Corp
orate Data Security.
SPECIFICALLY ACCEPTABLE USE
Communication by "electronic mail" with vendors and customers of X for purposes of X business.
Obtaining patches and other software updates from vendors from whom support has been purchased, provided the software obtained is appropriately validated and authenticated.
Obtaining software from other sources provided such software is obtained, verified, authenticated, and installed in accordance with departmental and corporate security policies.
Researching issues relevant to the business of X.
Participation by X employees in forums, news groups, and other information exchanges for the purpose of improving their professional knowledge or skills.
Establishment of facilities to allow information which X chooses to make available to parties outside of X to be shared and/or distributed in an appropriate manner.
CONDITIONALLY ACCEPTABLE USE
Conditionally acceptable uses shall require special authorization by the system administrator, may be limited in the hours in which they are available, or may be subject to suspension or discontinuation without notice if they impair other activities:
Access to academic computing facilities for use by a X employee taking courses.
Access to X systems from locations outside of X for X employees with specific needs for such types of access.
The use of this facility in a manner which is unacceptable will subject the person(s) involved to loss of all privileges to use the facility, and may result in other disciplinary sanctions up to and including dismissal:
Commercial or business use for any business other than X or its customers.
Any use of this facility in order to obtain access to any network or system in a manner that violates that the policies of the owner of the network or system.
Any activity that interferes with the business or other legitimate activities of anyone using this facility, or any other network or system which may be accessed through this facility.
Any use of this facility to engage in illegal or unethical activities.
The unauthorized sharing of X's software or any other information which belongs to X with anyone not specifically authorized to receive such software or information.
PRIVACY OF INFORMATION TRANSMISSIONS
While is not X's policy to monitor employees communications, it must be understood that information passing through this facility (or any network or computer system) may be intercepted or monitored. In some cases, routine administration, management, or a
udit functions cause information stored or transmitted via computers and networks to be intercepted.
Certain types of transactions conducted over this facility may be subject to such inspection by X without notice for purposes of maintaining the integrity of X's internal systems. Users of this facility must understand that their communications through i
t may not be private.