Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Instructor’s Manual Materials to Accompany
COMPUTER SECURITY FUNDAMENTALS
CHAPTER 10
SECURITY POLICIES
CHAPTER 10 OBJECTIVES
• When students have finished reading this chapter, they will be able to:
o Recognize the importance of security policies
o Understand the various policies and the rationale for them.
o Know what elements go into good policies.
o Create policies for network administration.
o Evaluate and improve existing policies.
.
CHAPTER OVERVIEW
This chapter covers the essentials of policies and disaster recovery.
The major sections in this chapter are
2. Defining User Policies
4. Change Control
6. Developmental Policies
CHAPTER OUTLINE
Chapter 10: Security Policies
Introduction
What is a Policy
Defining User Policies
Passwords
Internal Use
Email Usage
Installing/Uninstalling Software
Instant Messaging
Desktop Configuration
Final Thoughts on User Policies
Defining System Administration Policies
Departing Employees
Change Requests
Security Breaches
Virus Infection
Denial of Service Attacks
Defining Access Control
Developmental Policies
Standards, Guidelines, and Procedures
DISASTER RECOVERY
Summary
Test Your Skills
PROJECTS/EXERCISES
Each of these exercises is intended to give students experience writing limited portions of a
policy. Taken together the exercises represent a complete policy for a college campus computer
network.
Exercise 1: User Policies
Exercise 2: New Student Policy
Using the guidelines provided in this chapter (and other resources as needed), create a step-by-
Exercise 3: Leaving Student Policy
Using the guidelines provided in this chapter (and other resources as needed), create a step-by-
Exercise 4: New Faculty/Staff policy
Using the guidelines provided in this chapter (and other resources as needed), create a step-by-
Exercise 5: Leaving Faculty/Staff policy
Write a policy for how to handle a faculty departure (quit, fired, retired, and so on). Use the
Exercise 6: Student Lab Use policy
Considering the material in this chapter, create a set of policies for acceptable use of computer
lab computers.
WEB RESOURCES
• United States Secret Service: http://www.secretservice.gov/ectf.shtml
CHAPTER REVIEW/Answers to test your skills
Multiple Choice Questions
1.
Which of the following does not demonstrate the need for policies?
.
2.
Which of the following is not an area the user policies need to cover?
3.
Which of the following is not an example of a user password policy?
4.
What should an employee do if she believes her password has been revealed to another party?
5.
Which of the following should not be recommended as acceptable e-mail attachments?
6.
Which of the following is the best reason users should be prohibited from installing software?
7.
Which of the following is not a significant security risks posed by instant messaging?
8.
What must all user policies have to be effective?
9.
Which of the following is the appropriate sequence of events for a new employee?
10.
Which of the following is the appropriate sequence of events for a departing employee?
11.
Which of the following is the appropriate sequence for a change request?
12.
What is the first step when discovering a machine or machines have been infected with a
virus?
13.
What is the rule in access control?
14.
After dealing, on a technical level, with any security breach, what is the last thing to be done
for any security breach?
15.
Which of the following is a list of items that should be implemented in all secure code?
