CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [218]
Policies should exist to define how users are added to a company’s network when hired. Those policies should dictate who can add a new account as well as who can formally request one. They should also define who approves access to the system and the levels of access granted to initial accounts.
Termination Policies
Termination policies involve more than simply firing a person. Your organization needs to have a clear process for informing affected departments about voluntary and involuntary terminations. When an employee leaves a company, their computer access should be discontinued immediately.
If an involuntary termination occurs, you should back up the system they use as well as any files on servers before the termination occurs. Terminations are emotional times; if information is archived before the termination, there is less chance that critical records will be lost if the employee does something irrational. Most people won’t do anything unusual, but you’re better safe than sorry.
In many cases, ex-employees find themselves with time on their hands. That time could be spent trying to hurt the company that hurt them—through social engineering or other means. Your job is to make certain they can’t use that time to find weaknesses in your system and cause harm.
Make sure your termination policies mandate that the appropriate staff are notified when a termination is about to occur so that accounts can be disabled, systems backed up, and any other measures taken that are deemed appropriate. Disabling access means more than the network login: remote access (VPN, remote desktop), e-mail, and any shared or service passwords the person knew should be revoked or changed as well. Whether to disable every account immediately may be arguable, but you must always disable a privileged user account in the event of that user's termination.
Many times, a termination policy includes the clause that, upon termination, a former employee must be escorted at all times while performing post-termination activities (cleaning out their desk, hauling items to their car, and so on).
While it is easy to think of hiring and termination when it comes to HR issues, don't forget to consider what lies between the two. It is important that as an organization drafts its policies, it includes one for mandatory vacations (requiring users to take time away from work). Studies have shown that without a respite, employees can become myopic, so time away from work, even when forced, can be both relaxing and advantageous. Mandatory vacations are also a security control: while the employee is away, someone else performs their duties, which brings to light any fraud or unauthorized activity that depended on that person being continuously present to conceal it.
Ethics Policies
Ethics is perhaps best described as the personal or organizational rules about how interactions, relationships, and dealings occur. Ethics affect business practices, are the basis of laws, and are highly subjective. An ethics policy is the written policy governing accepted organizational ethics.
Many organizations define ethical behavior and the consequences of not behaving in an ethical manner. Most professional organizations have adopted codes of ethics or conduct for their members; in many cases, a violation of these codes will result in suspension, expulsion, or censure by the organization.
One organization, the Computer Professionals for Social Responsibility (CPSR), has created the “Ten Commandments of Computer Ethics” in conjunction with the Computer Ethics Institute (CEI). These commandments (as found on the website www.cpsr.org) are listed here:
■ Thou shalt not use a computer to harm other people.
■ Thou shalt not interfere with other people’s computer work.
■ Thou shalt not snoop around in other people’s computer files.
■ Thou shalt not use a computer to steal.
■ Thou shalt not use a computer to bear false witness.
■ Thou shalt not copy or use proprietary software for which you have not paid.
■ Thou shalt not use other people’s computer resources without authorization or proper compensation.
■ Thou shalt not appropriate other people’s intellectual output.
■ Thou shalt think about the social consequences of the program you are writing or the system you are designing.
■ Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
This list, as you can see, outlines computer