Computer Protection Security
Guidelines

Some of the positives that can result from putting these computer protection security guidelines into practice include

  • Greatly improved information security focus
  • Better understanding of personal computer vulnerabilities
  • Fewer information security incidents
  • Fewer audit concerns / comments
  • Greatly improved business focus

As a company desires to grow from a small to a medium sized business it becomes increasingly apparent that leadership must protect corporate resources, corporate information, and the information of customers, associates, and employees, placed in their custody.

Equipment and information in any form is considered an asset of the company and thus must be properly used and adequately protected. This includes usage of personal computers.

Leadership must ensure that the business is controlled, information is adequately protected, and laws are not being violated... AND... Personal Computers play a very large role in the overall equation.

The responsibility for the security of PCs lies with leadership and PC users. The required degree of PC security depends upon the vulnerability to equipment theft, and the sensitivity of information contained on hard drives and removable media.

Employee Handbook Kit includes two Employee Handbook templates for Professional & Manufacturing. Includes an additional 22 policies and benefits templates.

Employee Handbook Policies & Benefits

User ID and authentication access controls becomes the first line of defense to protect against unauthorized access in a computing, communication, or application environment. As a requirement, all users validate their right to access the computing resource.

The validation process is the use of an identification code (userid) and a password or another unique aspect of an individual's physical characteristics. Access controls should prevent unauthorized access to company information through technical, i.e., operating system, and / or procedural, i.e., rules methods. Current industry standards support identification codes and passwords, although other technologies, such as smart cards or biometric keys (face id, fingerprints, retinal prints), can be used to manage highly sensitive information.

Password Controls

Computer protection security involves keeping passwords confidential and only known by you. It must never be shared, publicized in any way, stored on a programmable function key, or kept in a manner where an unauthorized person could gain access.

Password controls should include the following:

a)  Users select and keep passwords confidential. Any passwords assigned by a security administrator should be at the time of initial assignment only. Remove any initial passwords that remain unchanged for five (5) days after assignment to prevent usage.

b)  Keep passwords masked, never display them in clear text on any company computing resource device.

c)  Store passwords in encrypted form, and where technically possible, transmitted using encryption.

d)  Do not allow password file access. Passwords can only be reset, not viewed.

e)  Change ppasswords at an interval not to exceed 30 days.

f)   Password length must be a minimum of eight (8) characters or the maximum length supported by the application or system if less than (8) characters.

g)  Password configurations should be alpha, numeric combinations, and special characters where possible.

h)  Password controls must be in place to prohibit password reuse by use of a password history log or minimal time between password changes, where possible.

TrainingKeeper Software. Keep, organize and plan all your employees' training and activities. Software includes multi-user support with reports, certs, and calendars.

TrainingKeeper Software

Other computer protection security password-related controls include

a)  Display ownership statement prior to the access of company information by indicating the level of accessed company classified information.

b)  Invoke automatic time-out and user re-authentication after a specific period of no terminal activity. Set the period of time-out  consistent with the sensitivity of company information. Normally, this period should not exceed thirty minutes.

c)  Log unsuccessful information access attempts showing access source location. Provide the log to the company information owner to identify and address unauthorized access attempt activity.

d)  Suspend userid access after a maximum of six (6) failed sign-on attempts.

e)  Disable userids, if not used for a period of ninety days.

f)   Prevent hardware/software features that bypass any company computing resource security sign-on procedures, e.g., no automated sign-on, icon-select sign-ons, userids and passwords run through an executable file. This requirement does not preclude the use of products and/or services that provide "single image sign-on" capabilities when approved by information technology management.

g)  Controlled access to company information, applications, systems, and infrastructure must have the ability to protect to the file level, including creation, deletion, read, and write. Clearly define the access with segregation of duties, where appropriate.

h)  Require that company computing resources, e.g., workstation, server that are connected to a company computing network resource must have access controls in place. These access controls should be consistent with the risks of unauthorized disclosure or compromise of company information.

i)    Require additional controls for remote access, including:

  1. Audit trails of all outside company computing resources activity between host and user to uncover intrusion attempts and/or successes during sign-on and sign-off.
  2. Encryption for company classified information, or require compensating practices if access controls are inadequate to protect company information.

8D Manager Software with 8D, 9D, 5Y and 4M report generator. Corrective action software for managing, measuring, and reporting.

8D Manager

General Computer Protection Security Guidelines

  • Consider any customer owned information stored on company PCs, or accessible by company employees utilizing PCs, as  sensitive information.
  • Sensitive information, customer, or company, whether stored or processed at the host, network server, or PC, must be properly protected and handled.
  • Mechanisms must ensure that only authorized people gain appropriate access.
  • The company reserves the right to audit any equipment or materials used for company business.
  • Keep important or critical files on removable media, not the hard drive.
  • For computer protection security always use surge protection.
  • Removable media should be labeled to show data, ownership, and sensitivity.
  • Secure removable media, i.e., DVDs, CD's, printouts, programs containing sensitive information.
  • Care should be taken to remove all removable media when "booting". Most viruses enter PCs from the boot sector of removable media.
  • Format removable media to be re-used, to erase any possible viruses.
  • Use password protected screen savers.
  • Downloading from public bulletin boards is considered high risk.
  • For computer protection security, turn off and lock your PC at the end of the workday to prevent unauthorized access and possible contamination.
  • Ensure that all keys are removed from lockable units and kept in a secure place.
  • Make backups of all of your important files.
  • Backup copies must be made of all original software as soon as it is received.
  • Store backup copies offsite, away from the PC.
  • PCs delivered with software already installed should be scanned for viruses before general use.
  • For computer protection security scan all software for viruses before using.
  • Periodically scan all hard drives and removable media for viruses.

Comprehensive ISO 9001:2015 Audit Checklist for Internal, Gap and Certification Audits.

ISO 9001:2015 Internal Audit Checklist

Copyrights and Licensing

  • Adhere to all purchased software copyright and duplication restrictions. When upgrading software, both the original and upgrade are considered licensed products. The original product must not be used on other systems.
  • Obey all copyright and intellectual property laws.

Computer Protection Security and Prevention

  • Sensitive information, especially that which has been downloaded from a mainframe or file server, must be placed on a system that protects it from unauthorized access or use.
  • Immediately report the loss of any equipment, original software diskettes or CD's, removable media, or documentation to the company security department.
  • Use of shareware or freeware is considered high risk.
  • If a computer system has been compromised, i.e., virus infection, security breach, loss of information, etc., notify the company information security department immediately and isolate suspected PC(s) and diskettes and CD's to prevent further infection.
  • Do not place food or drink on or near the keyboard or computer.

Your on-line Lean Six Sigma Certification. Course includes videos, reference materials, mobile app, quizzes and a certification test. Start studying today and get certified at your own pace.

Lean Six Sigma Certification

Symptoms of a Virus Infection

  • Programs taking longer to start or running slower than usual.
  • Executable files vanishing unexpectedly.
  • Unexplained decreases in the amount of available memory or increases in areas marked "bad" on magnetic media.
  • Unusual video displays, including strange messages, peculiar graphics, or "scrolling" of the screen.
Widget is loading comments...

More Info

  • Prevent Computer Virus Download

    This article discusses how to prevent computer virus download. It covers methods of virus attacks, how to prevent company damage, and much more.

  • Backup Computer Data

    Learn how to backup computer data for company PCs. This article lists questions your company should ask when setting up a backup system.

  • Biometric Verification

    The future of computer security is biometric verification

  • Disaster Recovery Article

    This disaster recovery article discusses the aspects to creating a contigency plan which is critical to your quality maanagement system.

  • Building Security Checklist

    Review this building security checklist for a list of do's and don'ts. Use this article to teach your employees about building security and social engineering threats.

  • Prevent Scary Emails

    This article discusses business methods to prevent scary emails such as legal liability issues and describes other risks for allowing them.

  • Corporate Email Policy

    This article covers a detailed corporate email policy. You can also freely download this policy.

  • Data Protection Tips

    Data protection tips for your company. This article covers important issues for business data protection and data recovery

  • Network Security Information

    This article covers network security information which focuses on IT Policy, Information Security Awareness, and IT Compliance

  • IT Audit Program

    This article provides the key elements to include in an IT audit program. It considers current situation assesment, high level needs, organizational needs, PC user issues, manager responsibility, contigency, crisis, risk and a host of other issues.

  • Corporate Internet Policy

    This corporate internet policy covers criteria, personal use, violations, best practices and more. Download it for free and use it for your business!

  • Strike Preparation Guidelines

    Company Strike Preparation guidelines minimize company risks and downtime during a company strike.

  • Information Security Notes and Policy

    This article on information security notes and policy covers many key items your business needs to consider when setting up an information security system.

  • IT Audit Tool and Guide

    Review this IT audit tool and guide. We cover scope, physical, access control, data and applications security issues. Learn what to look for and questions to ask during the audit. We also cover what to do prior and during an IT audit.

  • Information Security Management System

    This article covers the basics, awareness, and key content for your company's information security management system

  • Small Business Internet Security

    This article discusses concernts that you may not think about when it comes to small business internet security. Learn about voicemail, toll fraud, fax machine, and cell phone security issues.

  • Prevent Attacks on Computer Security

    Take these actions to prevent attacks on computer security. Article covers laptop issues, encryption, offsite storage, managing a clean desk, computer disposal, and dumpster divers.

  • Information Security Awareness Training

    Discover the components to include when you conduct information security awareness training.


> >



Quality Assurance Solutions
Robert Broughton
(805) 419-3344
USA
email

Unique QA Products

All Products

Software, Videos, Manuals, On-Line Certifications

8D Manager

Corrective Action Software

Snap Sampling Plans!

AQL Inspection Software

TrainingKeeper Software

Plan and Track Training

StreamLiner Software

Lean and Continuous Improvement



Statistical Process Control

Training Video

ISO 9001:2015 QA Manual

Editable Template

ISO 9001 Calibration Manual

Editable Template

ISO 9001:2015 QMS Kit

Templates, Guides, QA Manual, Audit Checklists

On-Line Accredited Certifications

Six Sigma, Risk Management, SCRUM

All Products

Software, Videos, Manuals, Training Material


Please Recommend Us!