All ICT users must act
responsibly and should
be responsible for the
security and integrity of
resources under their
control, and cimply with
licese and contractual
agreements
Networks can provide access to
rescource in and outside of the
organisations. This sould be
respected as a privilege and used
responsibly
Users must ensure
viruses are not
introduced through their
faliure to scan media
Respecting
rights of
others
All ICT users have rights that
must be respected. Systemts
such as e-mail, clogs and chat
rooms can be misused by other
people
False rumours may be spread
around ICT to bully someone
Employees need to feel safe in
their workplace, so employees
must respect each other
Abiding by
current
legislation
There are many laws which cover the way
ICT can be used and employees must
comply with these laws. Includes the DPA,
CMA and copyright
Faliure to comply with laws is
serious and could lead to dismissal
Portecting hardware
and software from
malicious damage
Employees must not leave systems in
unlocked rooms to prevent intruders or
disgruntled colleagues damaging hardware
Need to ensure copies of software are
kept in a secure location e.g. fire-proof
safe
Loss of hardware could be
costly for an organisation
Complying
with licensing
agreements
Buying software buys the
LICENCE, not the software itself
Networked software licences
allow the user to run software on
a specified number of computers
at the same time
Important these specified
numbers are respected and not
abused
Permissions on data
access
Employees shouldn't access
data or files unless they're
permitted to do so
Access to files related and essential for
their job should only be accessed
Security policy
Passwords shouldn't be
disclosed or company data to
any third party
Printouts of work
and data souldn't
be left lying around
Passwords should be
changed regularly to
ensure security is
maintained
No inappropriate access to the
Internet e.g. social network access
during work hours
Authorisation
Access to rescourced without
proper authorisation from a
security manager
No missing information or intetional
corruption of data by employees
Consequences
Informal verbal warning e.g.
for badly chosen passwords
Formal written warnings
e.g. records on an
employees file for serious
infringements
Dismissal of an employee
e.g. for very serious
infringements
Prosecution of an employee e.g. for
actions that are illegal like fraud