Purpose - This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentially of the network environment of Richmond Investments(R.I). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing.
The policies and restrictions defined in this document shall apply to all network infrastructures and any other hardware, software, and data transmission mechanisms. This policy must be adhered to by all R.I. employees, temporary workers and by vendors and contractors working with R.I.
Scope - This policy document defines the common security requirements for all R.I. personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as vendors or contractors of R.I., in cases where R.I. has a legal obligation to protect resources while in R.I. possession. This policy covers all of R.I. network systems which are comprised of various hardware, software, communication equipment and other devices designed to assist the R.I. in the creation, storage, processing, and transmission of information. This definition includes equipment connected to any R.I. domain or VLAN, either hardwired or wirelessly, and includes all stand-alone equipment that is deployed by the R.I.at its office locations or at remote locations.
Acceptable Use Policy
The use of the company network, internet, and email services by Richmond Investments employees is permitted and encouraged where the use supports the goals and objectives of the business. However, Richmond Investments has a policy for the acceptable use of the network, internet, and email services where the employee must ensure that they:
Adhere to current laws and regulations
Use of the company network, email and internet in an acceptable manner
Do not create unnecessary business risk to the company by misuse of the network, internet, or email services
Unacceptable behavior
The following behavior by any employee is considered to be unacceptable:
Forwarding of company confidential information to external locations
Distributing, disseminating or storing images, text or materials that might be considered indecent, obscene or illegal, considered discriminatory, offensive or abusive, in that the context is a personal attack, or might be considered as harassment
Accessing copyrighted information in a way that violates the copyright
Distribution of unsolicited commercial or advertising material
Participating in activities that waste staff effort or networked resources
Intended or unintended introduction of any form of computer virus or malware into the corporate network
Downloading of anything of a personal nature
The use of internet for any personal use other that checking web-based personal emails
Richman Investments identifies the following traffic to be expressly forbidden:
No peer to peer file sharing or externally reachable file transfer protocol (FTP) servers
No downloading executable files of any kind from software sites
No unauthorized redistribution of licensed or copyrighted material in violation of export control laws
No accessing unauthorized internal resources or information from external sources
No port scanning or data interception on the network
No denying service or circumventing authentication to legitimate users
No using programs, scripts, or commands to interfere with other network users
No sending unsolicited e-mail messages or junk mail to company recipients
No remote connections from systems failing to meet minimum security requirements
Monitoring -