Passwords are an important information security component. They are used for user authentication, to prove identity or to obtain access approval for a resource. They are used in many ways to protect users, data, systems, and networks, and to protect files and other stored information from access by unauthorized individuals, both internal and external.
Since strong passwords are one of the effective security controls, and given the need for passwords in high-priority matters, passwords must be strong and highly encrypted so that they are hard to predict.
To provide a set of minimum security standards governing the use of passwords for (Organization) information technology systems.
This policy applies to all (Organization) Staff.
This policy applies to all username and password pairs on all devices, systems and applications that are part of the (Organization) network that provide access to (Organization) owned information.
1. Enforce strong passwords
2. Passwords must be stored in a secure manner to ensure they are not detected.
3. Keep passwords confidential: Passwords must not be shared with anyone for any reason.
4. Initial passwords: Users must be required to change the initial passwords they receive, and initial passwords must be forced to expire.
5. Require screening of new passwords against lists of commonly used or compromised passwords.
6. Access to internal and private systems must be prevented after 3 failed attempts within a period of time not exceeding 15 minutes. Prevention lasts for a minimum of 30 minutes and a maximum of 3 hours.
7. Users should be required to sign a statement to keep personal passwords confidential; this signed statement could be included in the terms and conditions of employment.
8. All users are responsible for reporting any suspected misuse of passwords. Any user suspecting that his/her password may have been compromised must report the incident and change all passwords.
9. All users must be aware that they are solely responsible for protecting their password.
E-mail is the primary communication tool in most business areas because of its speed and efficiency. Because it is an expressive, reliable tool, misuse of it can pose many legal, privacy and security risks. It is therefore necessary to develop a policy that defines the appropriate use of email to avoid such problems. This policy outlines the minimum requirements for use of email within the (Organization) network.
The purpose of this policy is to ensure the proper use of (Organization) email system and make users aware of what (Organization) deems as acceptable and unacceptable use of its email system, and to ensure that every user has a responsibility to maintain the (Organization)’s image, to use it in a productive manner and to avoid placing the (Organization) at risk of legal liability based on their use.
This policy applies to all employees, vendors, and agents operating on behalf of (Organization), and to the Email system in use within (Organization).
2. Use of email: All users must adhere to the following when using (Organization) e-mail facilities:
3. Unacceptable Use of E-Mail:
The Internet is now the most utilized source of information; it provides access to endless sources of data, ideas, research and news. At the same time, easing users' access to these sources encourages them to optimize their usage of the Internet.
Access to the Internet by personnel that is inconsistent with business needs results in the misuse of resources. This may present (Organization) with new risks that must be addressed to safeguard its vital information assets. Additionally, (Organization) may face loss of reputation and possible legal action through other types of misuse. Having the Internet Usage Policy in place helps to protect both the business and the employee from misuse of the Internet.
The Internet usage policy aims to provide employees with rules and guidelines regarding the appropriate use of (Organization) equipment, network and Internet access to ensure that employees make the most effective use of the Internet.
This policy applies to all Internet users (employees and all third parties) who access the Internet through (Organization)’s computing or networking resources and to its related services.
2. Allowed Usage
3. Personal Usage:
4. Prohibited Usage:
Users' workstations, including computers and peripherals (printers, scanners, laptops, etc.), are used in daily work in a reasonable and proportionate manner that is compatible with (Organization)’s objectives and strategies. This policy outlines the minimum requirements for the use of computers and peripherals within (Organization).
The purpose of this policy is to protect users and workstations from potential risks by defining policies and procedures for the use of computers and peripherals within the (Organization).
This policy applies to all employees and users who use computers, peripherals and associated services.