RE: Security policies - few questions!

["Lorteau Clement" <C.Lorteau () oberthurcs com>]

Hi !

Here, if the violation was a little hard (I mean, if the user knew he was doing something wrong, not if the user did 
something wrong by mistake), his bonus is removed from his salary for the next month ; that's half of his salary. It 
happened for instance to a guy who played with password-crackers and virus-makers.





-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Faheem SIDDIQUI
Sent: Saturday, December 02, 2006 1:24 PM
To: security-basics () securityfocus com
Subject: Security policies - few questions!


Hi guys...

So what are the enforcements/punishments usually written down in IS 
Security policy or Acceptable Usage Policy, for non-compliance to it's 
clauses. I mean, termination is  a bit far fetched. I am looking for 
something more on the monetary/ denial of IT services, front.

...Also..what are the best practices in e-mail retention? In exchange 
*tsk* environment, it's quite impossible to save emails of about 2000 
users on central server with regular backups. If user workstation 
crashes, the mail goes too.The best IT Helpdesk can do is re-ghost 
image. What else can be done apart from setting 'store mail on the 
server' for top executives?



---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------