2 Appendix 2: An example of User-level Security Policy

Ultimately, computer security is the user's responsibility. Each user must be alert to possible breaches in security and adhere to the security regulations that have been established within their company. The security practices listed here are not inclusive, but rather designed to remind them and raise their awareness towards securing their information resources:

Protect Your Equipment

Keep it in a secure environment

Keep food, drink, and cigarettes AWAY from it

Know where the fire suppression equipment is located and know how to use it

Protect Your Area

Keep unauthorized people AWAY from your equipment and data

Challenge strangers in your area

Protect Your Password

Never write it down or give it to anyone

Don't use names, numbers or dates which are personally identified with you

Change it often, but change it immediately if you think it has been compromised

Protect Your Files

Don't allow unauthorized access to your files and data

NEVER leave your equipment unattended with your password activated - SIGN OFF!

Protect Against Viruses

Don't use unauthorized software

Back up your files before implementing ANY new software

Lock Up Storage Media Containing Sensitive Data

If the data or information is sensitive or critical to your operation, lock it up!

Back Up Your Data

Keep duplicates of your sensitive data in a safe place, out of your immediate area

Back it up as often as necessary

Report Security Violations

Tell your manager if you see any unauthorized changes to your data

Immediately report any loss of data or programs, whether automated or hard copy