Networking Chapter 10 Instructors Manual Materials Accompany Computer Security Fundamentals Security Policies Objectives

Instructor’s Manual Materials to Accompany

COMPUTER SECURITY FUNDAMENTALS

CHAPTER 10

SECURITY POLICIES

CHAPTER 10 OBJECTIVES

• When students have finished reading this chapter, they will be able to:

o Recognize the importance of security policies

o Understand the various policies and the rationale for them.

o Know what elements go into good policies.

o Create policies for network administration.

o Evaluate and improve existing policies.

.

CHAPTER OVERVIEW

This chapter covers the essentials of policies and disaster recovery.

The major sections in this chapter are

2. Defining User Policies

4. Change Control

6. Developmental Policies

CHAPTER OUTLINE

Chapter 10: Security Policies

Introduction

What is a Policy

Defining User Policies

Passwords

Internal Use

Email Usage

Installing/Uninstalling Software

Instant Messaging

Desktop Configuration

Final Thoughts on User Policies

Defining System Administration Policies

Departing Employees

Change Requests

Security Breaches

Virus Infection

Denial of Service Attacks

Defining Access Control

Developmental Policies

Standards, Guidelines, and Procedures

DISASTER RECOVERY

Summary

Test Your Skills

PROJECTS/EXERCISES

Each of these exercises is intended to give students experience writing limited portions of a

policy. Taken together the exercises represent a complete policy for a college campus computer

network.

Exercise 1: User Policies

Exercise 2: New Student Policy

Using the guidelines provided in this chapter (and other resources as needed), create a step-by-

Exercise 3: Leaving Student Policy

Using the guidelines provided in this chapter (and other resources as needed), create a step-by-

Exercise 4: New Faculty/Staff policy

Using the guidelines provided in this chapter (and other resources as needed), create a step-by-

Exercise 5: Leaving Faculty/Staff policy

Write a policy for how to handle a faculty departure (quit, fired, retired, and so on). Use the

Exercise 6: Student Lab Use policy

Considering the material in this chapter, create a set of policies for acceptable use of computer

lab computers.

WEB RESOURCES

• United States Secret Service: http://www.secretservice.gov/ectf.shtml

CHAPTER REVIEW/Answers to test your skills

Multiple Choice Questions

1.

Which of the following does not demonstrate the need for policies?

.

2.

Which of the following is not an area the user policies need to cover?

3.

Which of the following is not an example of a user password policy?

4.

What should an employee do if she believes her password has been revealed to another party?

5.

Which of the following should not be recommended as acceptable e-mail attachments?

6.

Which of the following is the best reason users should be prohibited from installing software?

7.

Which of the following is not a significant security risks posed by instant messaging?

8.

What must all user policies have to be effective?

9.

Which of the following is the appropriate sequence of events for a new employee?

10.

Which of the following is the appropriate sequence of events for a departing employee?

11.

Which of the following is the appropriate sequence for a change request?

12.

What is the first step when discovering a machine or machines have been infected with a

virus?

13.

What is the rule in access control?

14.

After dealing, on a technical level, with any security breach, what is the last thing to be done

for any security breach?

15.

Which of the following is a list of items that should be implemented in all secure code?