SU_ITS1103_W4_Project_Keegan_D

School: South University, Savannah
Course: 1103
Subject: Information Systems
Date: Apr 3, 2024
Pages: 11
Uploaded by Dkeegan755

David Keegan
ITS1103
March 11, 2024

Revised Code of Conduct and Ethics

This ethical code of conduct aims to provide administrators, employees, and even outside contractors with a detailed set of expectations regarding all IT-related activities within the company. Every single action of every single associate of this company—and the company as a whole—will be measured against the question: is this harmful? Whether it is in relation to an individual or a group of individuals, our mission is to establish a set of guiding principles that will prevent us from harming others while conducting operations.

Because of the recent issues that led to this code's creation, these guidelines will not only cover our business model and day-to-day decision-making. This code will also include expectations from administrator/employee interactions, employee/employee interactions, and employee/customer interactions. Our overall goal is that everything we do as individuals and as a company will be good for ourselves and our clients.

Table of Contents:

1. Training Outline
   a. Initial Training
   b. Ongoing Training
2. Computer Usage
   a. Login procedures.
      i. Passwords.
   b. Download restrictions.
      i. Email.
      ii. Storage.
   c. Integrity expectations.
      i. Confidentiality.
      ii. Software Licenses.
   d. Malware Countermeasures.
      i. Red Flags.
3. Internet Security Guidelines
   a. Overview.
   b. Shareware Policies.
   c. Software Policies.
4. Implementation Timeline
   a. Week one.
   b. Week two.
   c. Week three.
   d. Week four.
5. Staff Guidelines
   a. IT Department.
   b. Human Resources.

Training Outline

Initial Training

An ounce of prevention is worth a pound of cure. This old adage is as appropriate in the realm of computer usage as it is in the medical realm. All employee users should have an intimate knowledge of the procedures and protocols related to safe and responsible computer usage.

This training will be implemented in two parts. The first part will be a general outline presentation encompassing company practices and expectations regarding computer usage. This presentation will be followed by a closed-book exam to test the employees’ content comprehension. Finally, employees will sign a user agreement verifying that they understand and agree to the company’s expectations.

The initial training will cover:
  • Login procedures.
  • Download restrictions.
  • Integrity Expectations.
  • Confidentiality.

Ongoing Training

Employees will undergo bi-monthly E-Training to reinforce their understanding of federal policies outlined by various agencies. These training sessions will also increase the employee knowledge base by providing real-world examples of security breaches and their fallout on corporate networks.

Bi-monthly E-Training will cover:
  • The Computer Fraud and Abuse Act (CFAA) Guidelines and penalties.
    o This act makes accessing a computer or exceeding authorized access a federal crime.
  • The Gramm-Leach-Bliley Act (GLBA) Guidelines.
    o This act requires businesses to take steps to protect financial information.
  • The Federal Trade Commission (FTC) Guidelines.
    o An act prohibiting fraudulent or dishonest business practices.
  • Crime fighting vs. Civil Liberties
    o As outlined by the American Civil Liberties Union (ACLU).

Computer Usage

Login Procedures

Passwords

All employee usernames and passwords for logging onto the company network will be set by the network administrator and meet the following guidelines:
  • Minimum of 8 characters.
  • Contain at least one of the following: capital letter, number, and symbol.
  • Passwords will be changed at least every 21 days unless the administrator deems it necessary to change them more frequently.

Employee users will not be permitted to share their passwords with anyone. Any employee caught sharing their password deliberately or with an exposed password (such as a sticky note on their monitor or under their keyboard) will have their password changed immediately and be subject to disciplinary action.

If an employee has reason to believe their password has been compromised, they must notify the administrator immediately so they may be assigned a new one.

Download Restrictions

Downloads may be allowed and even required in some cases. However, employees are prohibited from downloading any content without approval from the network administrator. Attempting to circumvent this policy will result in disciplinary action.

Email

Employees will have access to a company email account only for business purposes. The network administrator will be exclusively responsible for approving email contacts. Group policy features will prevent employees from following links or opening attachments from unapproved contacts.

Storage

Employees will be allowed a limited amount of network storage for work-related documents. These documents will be limited to files with approved extensions such as .doc, .xls, .pdf, and .jpeg. The network administrator will manage approved document types. While employees can save documents to the shared drive, they will only be allowed read/write access. They will not be allowed to delete or execute files.

Integrity Expectations

Confidentiality

Employees will sign a non-disclosure agreement covering many areas within the realm of corporate and personal information. In summary, all employees will be expected to use the utmost discretion regarding any sensitive information obtained within their work environment.

Software

Employees will be expected to abide by all of the guidelines and restrictions associated with any and all licensed software and shareware used within the company. Unauthorized downloading, copying, or transferring of software will be considered piracy or intellectual theft.

Malware Countermeasures

If a user suspects a malware incursion, they are required to notify the network administrator IMMEDIATELY! Under no circumstances are they allowed to troubleshoot the problem themselves.

Red Flags
  • Inability to access services such as email and authorized applications.
  • Unexpected and unscheduled shutdowns.
  • Unauthorized deletion of files.
  • Degradation of resources such as applications.
  • Rapid and inexplicable OS behavior, such as screen glitches or an inability to interact with desktop items.

While abiding by established procedures, the network administrator will isolate the device—along with any peripherals (scanners, printers, etc.)—from the rest of the network to prevent the problem from spreading. Once isolated, the admin will diagnose the problem. If malware is determined to be the cause, the admin will identify the type of malware (Example: worms and spyware) and the method of incursion (Example: email attachment or link). The investigation will be documented in detail. This information will generate proactive improvements for protection against similar incursions.

All users will be prohibited from accessing the network until the admin gives an “all clear” notice. At this point, all users will be assigned new passwords before regaining access to the company network.

Internet Security Guidelines

Overview

1. The purpose of internet usage will strictly be to conduct work-related operations, such as using approved applications, conducting research, and any other activities authorized by management and/or IT personnel.
2. All employees will be given different usernames and passwords to access the internet. Under no circumstances are employees permitted to share their username and password or use the username and password of other employees to access the internet.
3. IT personnel will exclusively set passwords, which will be complex and alpha-numeric and have a minimum of 8 characters. They will be changed every three weeks or as required by IT personnel.
4. If an employee suspects their password may have been compromised, they must inform IT personnel immediately so that it may be changed.
5. Email will be strictly for work purposes only. Personal messages or attempts to access personal accounts will be strictly prohibited.
6. Employees will be provided with a password for their email account that is different from their internet access password but meets the same complexity requirements. The same rules regarding confidentiality will apply. Passwords will be changed every three weeks or as required by IT personnel.
7. Data encryption may be required for certain types of correspondence to protect intellectual property and other reasons related to corporate integrity. Employees will be required to follow these encryption procedures when required or requested.
8. Responsible internet usage will be taught, reinforced, implemented, and enforced. These procedures will include, but will certainly not be limited to, avoiding disreputable sites and suspicious emails, links, and attachments from unknown senders.
9. The network administrator will block social media sites and sites related to marketing. Any attempt to access unauthorized websites could result in disciplinary action, up to and including termination.

*ALL INTERNET USAGE WILL BE MONITORED AND RECORDED

Shareware Policies

The company will provide shareware for a multitude of purposes. While shareware is free to use, there are still copyright considerations. Provided shareware is not to be copied or modified in any way. Any modifications or violations of licensing agreements will result in both disciplinary action from the company and potential legal ramifications from the shareware provider.

Software Policies

Employees will be expected to demonstrate that they have read about and thoroughly understand all software used by the company in relation to their job duties. Employees will agree to and abide by all software conditions and guidelines. Unauthorized copying, cracking, or modifying of software is strictly prohibited. It may constitute an act of piracy, which will result in both termination of employment and potential legal prosecution.

Implementation Timeline

Amendment and Approval (Week One)

The Ajax executive team will review the proposed code of ethics, provide both questions and concerns, and note any required amendments. The code will be fluid during the week so that it may be modified to meet the company's needs until the executive team fully approves it.

Posting and Notification (Week Two)

The code will be officially published with the signatures of all executive team members on all corporate mediums: company website, employee email, weekly newsletter, in-house bulletin boards, daily huddles, and all meeting forums both in person and online.
This posting will accompany notifications for mandatory training sessions for the following week. Sessions will be staggered so as not to interfere with day-to-day operations. Initial training will only require employees to fully understand the new code and to sign documentation verifying their intention to abide by all policies contained within.

Initial Training (Week Three)

Employees will begin their basic training, consisting of two 90-minute seminars. These seminars will be hosted prior to every shift and scheduled so as not to interfere with operations. Employees will be paid for their participation.

Activation and Further Training (Week Four)

After completing all or at least most of Ajax’s basic training, the new code will officially go into effect. Once the initial training is complete and the code has been put into practice, employees will be scheduled for additional training to help reinforce the code and teach them other effective practices for safe and ethical computer conduct.

Staff Guidelines

IT Department
  • Monitoring all computer usage.
  • Hosting training related to technical practices such as password issuance and log-on procedures.
  • Ensuring that HR has full access to all surveillance software.
  • Notifying management of any breaches in policy.

Human Resources
  • Ensuring all employees are properly trained.
  • Issuing, collecting, and cataloging all training documents.
  • Making sure employees understand the policy and sign documentation agreeing to the terms and conditions.
  • Auditing reports provided by the IT department.