Policy
In the following Policy Table, some exceptions exist for certain user who has permission for certain policy. For instance, some staff couldn’t access Internet before they have permission to do so. Thus, only those staff that already got permission could access the Internet. There are also some other exceptions for other policy. Please look at the Policy Table to find out more.
Policy Table
Policy | CEO | Manager | Staff | System Admin |
Installing software on computer | Allow | Allow | Deny | Allow |
Internet Access | Allow | Allow | Deny (except for staff who has permission) | Allow |
Accessing department file in File Server | Allow | Allow (Only to his own department files) | Allow (Only to his own department files) | Allow |
Internal Mail | Allow | Allow | Deny (except for staff who has permission) | Allow |
External Mail | Allow | Allow | Deny (except for staff who has permission) | Allow |
Login to server | Deny | Deny (except for the IT Department manager) | Deny | Allow |
Accessing shared folder | Allow | Allow | Deny (except for staff who has permission) | Allow |
Intranet Access | Allow | Allow | Allow | Allow |
Use of chatting software (e.g. Yahoo Messenger, MIRC) | Allow | Allow | Deny (except for staff who has permission) | Allow |
Downloading files from the Internet | Allow | Allow | Deny (except for staff who has permission) | Allow |
Accessing company confidential file | Allow | Deny (except for manager who has permission) | Deny | Deny |
Login to domain | Allow | Allow (Only to his own domain) | Allow (Only to his own domain) | Allow |
Network Administration (e.g. adding and deleting user, changing IP, log reviewing, network monitoring, etc) | Deny | Deny | Deny | Allow |
| | | | |
However, these policies will not last forever. The policy should be reviewed on a regular basis to make sure it still relevant for the organization. Some procedures, such as incident response procedure or disaster recovery plan, may require more frequent reviews.
During a review, all stakeholders should be contacted along with departments that felt left out of the original process. By reviewing comments, we might consider to make some policy adjustments.
No comments:
Post a Comment