Policy on access control
According to Greene (2014), an information security policy is a collection of guidelines defined by an organization. It guarantees that all network subscribers or the IT system within the organization’s jurisdiction conform to digitally preserved security standards within their borders.
An example of an access control policy is the removal or adjustment of access rights. The University of Sheffield owns this policy. This policy’s primary purpose is to remove the right to access the university portal’s information upon the termination of studies (Sheffield, 2020). Further, the access rights of other users, such as employees, will be terminated once the contract is over. This policy additionally allows for adjustments to increase or limit access accordingly. The policy’s intended audience is the students, teaching staff, and other employees within the University (Sheffield, 2020). This policy depends on other systems within the organization. For example, there is a co-dependency with the Access Governance policy, which assigns or revokes access to users within the University.
Retrieved from: https://www.sheffield.ac.uk/it-services/policies/access-control
Acceptable Use Policy
An example is the Employee Acceptable Use Policy owned by Villanova University.
The policy’s purpose is to caution users against unauthorized use of online resources. This is because:
- The University of Villanova’s access to information infrastructure and networks imposes unique responsibilities and obligations under the University and is subject to university regulations and federal, state, and local legislation.
- Appropriate use should be ethical, demonstrate intellectual integrity, and be limited in using popular tools (Fugale, 2015). It indicates that intellectual property, data ownership, network protection measures, people’s privacy rights, and freedom from bullying and abuse are protected.
The policy is designed for all the employees, including the academic and non-academic staff and university students (Fugale, 2015). The policy co-depends with the authorized access policy since it prohibits sharing login credentials among employees and students.
Retrieved from: https://www.itgovernance.co.uk/blog/5-information-security-policies-your-organisation-must-have
Information Security Policy
An example is the Protection against Unauthorized Access or Disclosure policy. Stellar Healthcare owns this policy. The purpose of the policy is to remind employees of the importance of safeguarding information in transit or when stored, through the following:
- All computers and other devices must be locked when no one is attending to them, even for a short time.
- Users of all electronic communication and other portable devices must follow the acceptable use policy.
Also, Stellar Healthcare ensures the safe use of the right record management processes to provide paper information (Healthcare, 2020). Personnel should have access to secure storage rooms and should follow a straightforward desktop routine where possible.
The intended audience for this policy is the formal employees of Stellar Healthcare, including doctors, nurses, and receptionists. This policy co-depends on other policies within the organization (Healthcare, 2020). For instance, the policy of acceptable use ensures that unauthorized access cases are minimized and managed.
Retrieved from: http://www.stellar-healthcare.cre8iv-studio.com/information-governance/cmsarticle/
Incident Response Policy
An example is the incident response policy developed by iCIMS Inc. This policy guarantees that all such safety accidents are reported, investigated, resolved, and eliminated, that actions are taken to deter future security breaches, and that warning is given to law enforcement, personnel, and affected parties, as necessary or needed (iCIMS, 2020). Some procedures include the following:
- The security incidents should be reported through the agreed channels as soon as possible.
- Skills gained upon analyzing and solving security and privacy incidents should be used to impact the future.
- The management expectations for security incident management should be accepted to ensure that the organization’s priorities are recognized by those responsible for security incident response.
The policy is intended for the clients of iCIMS, who depend on information systems software and programs developed by iCIMS. The policy doesn’t seem to co-depend on other policies.
Retrieved from: https://www.icims.com/gc/incident-response-procedures/
Email Communications Policy
A good example is the Email Use Policy developed and owned by the University of Rochester.
The purpose of this policy is to explain the accepted use of email to communicate. This policy helps the University successfully enhance email communication within the University and improve data security by reducing risk through email systems (IT, 2012). The policy has outlined the following to ensure safety:
- Users cannot use email to transmit lawfully-restricted University data to the recipients without sufficient security layers, such as email encryption.
- Manually sending emails from the University containing lawfully limited information is only permitted for legitimate business, and adequate security steps such as email encryption should be taken.
- The email key can be used to validate identification in other online facilities of the University (IT, 2012). Do not share your username or password with others to protect your identification and safety.
This policy is addressed to the university faculty, visiting professors, doctors, employees, teachers, vendors, voluntary personnel, and visitors who offer email services operated by or for the University of Rochester (IT, 2012). The policy corresponds with other policies such as the authorized access policy since it directs users to protect their login details for their data safety.
Retrieved from: https://tech.rochester.edu/policies/email-use-policy/