1.Search the Web for examples of issue-specific security policies. What types of

1.Search the Web for examples of issue-specific security policies. What types of policies can you find? Using the format provided in this module, draft a simple issue-specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?
2.Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social engineering, and protecting software copyrights. What other themes can you imagine?
3. Search the Web for security education and training programs in your area. Keep a list and see which program category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?
4. Discussion Questions and Solutions
Janet stood up from the conference table and left the room.
The meeting had not lasted long, considering how significant its impact would be on Janet’s life. Two officers from the corporate security team waited in the hallway to walk her to her office and collect her personal possessions, which were already in a box at her administrative assistant’s desk. Her access card, phone, tablet, and laptop were already turned in, and every password she had ever used at SLS had been deactivated.
She was not looking forward to explaining this to her family.
The meeting in the room continued.
Fred asked, “Are we sure this was our only course? This seems harsh to me.”
Janet’s superior, the senior vice president of marketing, nodded and said, “I have to say that I agree. Janet was a solid performer and will be difficult, and expensive, to replace.”
Charlie added, “I know what you mean. Jamie Hyack, the network engineer, is the same, except he chose to enable Janet’s network access for her rotisserie league server without approval, without change control, and putting the company’s entire network at risk. He had to go.”
Gladys took a breath and said, “Sadly, this was needed. We cannot have two tiers of enforcement in our application of policy. If we do not enforce this policy requirement on executives, how can we be expected to have compliance from other employees?”
She continued, “As Charlie pointed out when we decided on this course of action, we have to enforce the policy we have in place. We can make changes to it that we feel better about and enforce those changes in the future.”
Does this application of policy seem harsh to you? What alternatives might be implemented in policy to make it enforceable and perhaps less stringent than in this example?
5. Discussion Questions and Solutions
Janet stood up from the conference table and left the room.
The meeting had not lasted long, considering how significant its impact would be on Janet’s life. Two officers from the corporate security team waited in the hallway to walk her to her office and collect her personal possessions, which were already in a box at her administrative assistant’s desk. Her access card, phone, tablet, and laptop were already turned in, and every password she had ever used at SLS had been deactivated.
She was not looking forward to explaining this to her family.
The meeting in the room continued.
Fred asked, “Are we sure this was our only course? This seems harsh to me.”
Janet’s superior, the senior vice president of marketing, nodded and said, “I have to say that I agree. Janet was a solid performer and will be difficult, and expensive, to replace.”
Charlie added, “I know what you mean. Jamie Hyack, the network engineer, is the same, except he chose to enable Janet’s network access for her rotisserie league server without approval, without change control, and putting the company’s entire network at risk. He had to go.”
Gladys took a breath and said, “Sadly, this was needed. We cannot have two tiers of enforcement in our application of policy. If we do not enforce this policy requirement on executives, how can we be expected to have compliance from other employees?”
She continued, “As Charlie pointed out when we decided on this course of action, we have to enforce the policy we have in place. We can make changes to it that we feel better about and enforce those changes in the future.”
Are there other punishments that might be enacted for situations like this? How might you propose structuring the policy to clarify what levels of punishment are appropriate?
6. Ethical Decision-Making Questions and Solutions
The policies that organizations put in place are similar to laws, in that they are directives for how to act properly. Like laws, policies should be impartial and fair, and are often founded on ethical and moral belief systems of the people who create them.
In some cases, especially when organizations expand into foreign countries, they experience a form of culture shock when the laws of their new host country conflict with their internal policies. For example, suppose that SLS has expanded its operations into France. Setting aside any legal requirements that SLS make its policies conform to French law, does SLS have an ethical imperative to modify its policies across the company in all of its locations to better meet the needs of its stakeholders in the new country?
Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees—such as a requirement to provide childcare and eldercare services at no cost to employees. Is SLS under any ethical burden to offer the same benefit to employees in its home country?

Leave a Reply

Your email address will not be published. Required fields are marked *