Security Basics mailing list archives

RE: Security policies - few questions!


From: "Greg Jones" <GJones () cmcmortgage com>
Date: Wed, 6 Dec 2006 08:51:53 -0600

 
Depending on your type of business and regulatory concerns, your
Security Policy most definitely should include the possibility of
termination.  If an employee escorts an outsider into the office after
hours and allows them to login using their credentials, would that not
constitute termination?  If an employee takes home company software,
makes copies and distributes to friends and family and then the BSA
comes knocking on your door costing your company potentially tens or
hundreds of thousands of dollars in fines, that employee should be gone.

We use wording similar to the following.  'Violation of the company IS
policies may include disciplinary action up to and possibly including
termination.'

In today's world, employees are a major key to a successful security
program.  They must take it seriously.  The survival of companies can
depend on it.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Faheem SIDDIQUI
Sent: Friday, December 01, 2006 11:24 PM
To: security-basics () securityfocus com
Subject: Security policies - few questions!

Hi guys...

So what are the enforcements/punishments usually written down in IS
Security policy or Acceptable Usage Policy, for non-compliance to its
clauses? I mean, termination is a bit far-fetched. I am looking for
something more on the monetary/denial of IT services front.

...Also... what are the best practices in e-mail retention? In Exchange
*tsk* environment, it's quite impossible to save emails of about 2000
users on central server with regular backups. If user workstation
crashes, the mail goes too. The best IT Helpdesk can do is re-ghost
image. What else can be done apart from setting 'store mail on the
server' for top executives?




