Retrieved from https://studentshare.org/information-technology/1456079-human-aspect-of-cybersecurity-policy
To protect confidential information and its financial interests, the company has adopted a number of acceptable use and behavior policies that not only enable it to mitigate threats but also allow employees to conduct their daily business flexibly without affecting productivity. This paper discusses the physical security policy, vulnerabilities, audit policy, log management, system administrator policies, and the various security incident handling procedures at Firion Company.
Firion has implemented a number of physical security policies that are primarily aimed at improving the integrity and confidentiality of the information systems used in the company. One of the physical security policies is the prohibition of the use of devices such as USB drives, FireWire and rewritable CDs/DVDs on company-owned assets (Wijayanayake, 2009). Additionally, all company communication systems may be configured only by the IT department, and no modifications are allowed to either the software or the hardware without the approval of the IT security team.
In this regard, Firion employees, business partners, contractors and vendors are not allowed to install any software applications or hardware on any machines used by the company. Generally, some of the main security vulnerabilities currently facing Firion include potential leakage of corporate information through removable storage devices, introduction of malicious applications into the information systems of the company, and misuse of computer resources. For example, employees surfing social network sites may unknowingly bring malicious content into the company systems.
Audit Policy Item
The audit policy item employed by Firion Corporation is primarily designed to guide the security team in auditing the company’s infrastructure system and mitigating potential vulnerabilities. It is the responsibility of the security team to ensure that all information regarding the company that is posted on the internet is properly audited to ensure that it does not compromise the security of the company (Rudolph, 2009). For example, the security team is required to constantly monitor and reevaluate the system and make the necessary patches against potential security breaches.
Additionally, the company conducts regular vulnerability and social engineering tests to detect potential threats to the company websites and online information.
Log Management Policy Item
As part of its log management policies, Firion does not allow any employee to lock their workplace computers when not in use or write down their login passwords on paper. The responsibility for creating and maintaining a secure log management infrastructure at Firion is given to the security team. For example, the security team not only performs regular log reviews and access monitoring but also ensures the privacy of sensitive and confidential information through the use of central authentication credentials such as user passwords.
The company has also designed role-based access control regulations which ensure that the access of any employee to facilities and company data is based on their role, and therefore only employees who need particular data will be able to log in and access the data.
System Administrator Policy Item
According to Firion’s system administrator policies, administrative rights are only reserved to the security t