Security Policy
Essay by bmemoryl • June 23, 2013 • Essay • 2,069 Words (9 Pages) • 1,430 Views
We recognize the importance of the hospital's information and have therefore set out a comprehensive security policy to protect it. The purpose of the Security Policy is to establish guidelines to assist management in implementing security initiatives designed to facilitate business, protect employees, limit corporate liability, and safeguard hospital property, business operations, reputation, and proprietary and personal information from hostile or criminal acts.
For the personnel department, data is the key asset. We have set a policy to ensure data safety.
Policy
We will ensure data security from the following aspects.
1. Password
Because large amounts of data are stored on computers, a safe, high-quality user password is a primary step in information security. Employees should set different, high-quality passwords for personal use and for the screen saver, to prevent unrelated persons from seeing the data. Passwords should follow these principles:
(1) Where the information system supports it, general user passwords should be 8 or more characters long and mix letters and numbers; administrator passwords for critical systems should be 12 or more characters long and mix letters, numbers, and special characters;
(2) Be easy for the operator to memorize;
(3) Do not use personal information that others could guess, such as the user name, name (phonetic or English name), date of birth, telephone number, ID number, or passwords already used on other systems;
(4) Avoid repeated or sequential digits, and avoid passwords made up entirely of numbers or entirely of letters;
(5) Do not use complete dictionary words, to avoid dictionary attacks;
(6) Users should set different passwords for different security levels and different applications.
Employees must not tell others their passwords, nor ask for or guess other users' passwords. Avoid recording passwords in places that others might easily access, such as notebooks, paper, or electronic documents. Avoid automatic login processes that save the password in an unsafe manner.
New staff should change their temporary password when they first log in, setting their own password in place of the default.
Lastly, staff should change their passwords regularly. Different levels should have different intervals; for example, the highest-level passwords should be changed weekly, while the lowest-level passwords can be changed each quarter.
2. Virus protection
Computer viruses, Trojans, and other malicious programs can cause system failure, data loss, network downtime, and other serious security incidents. They are one of the biggest security threats to information systems.
Staff should check that their personal computers have antivirus software installed and in use. If not, they should promptly contact the information security administrator, who will install it or guide them in installing it themselves. In addition, it is advisable to install security protection software on Internet-connected computers, for example, kaka security aide, 360 security guards, etc.
Antivirus software and the corresponding security software should be upgraded regularly, with service terminals upgraded at least once a week. Staff should check at least once a week to confirm that upgrades are timely; if they are not, staff should contact the information security manager or information security administrator to deal with it, or perform the upgrade themselves under guidance.
Staff should run a comprehensive virus scan on their computers at least once a week. Virus protection software is usually set to scan automatically on a regular basis; if it is not, staff should scan manually.
When staff find a virus, they should immediately report it to the information security administrator and disconnect from the network, and reconnect only after the information security administrator has carried out a comprehensive virus removal.
Before using USB drives, CD-ROMs, and other removable media, be sure to check them for viruses; minimize the use of removable media; and use removable media of unknown origin with caution.
Employees shall not create or spread computer viruses.
If staff find that the antivirus software cannot effectively remove a virus, they should immediately inform the information security management department or report it to the IT center, which will deal with the problem. Until then, the file must not be used.
3. Internet
The Internet is an open network environment. Internet use may expose systems to malicious websites or hacker attacks, resulting in virus infection, system damage, data leaks, and other security incidents. Employees' online activity should comply with state laws and regulations; employees must not use the company's network to produce, reproduce, access, or disseminate harmful information that violates state laws and regulations. Employees also may not use the company Internet connection to download or spread unrelated documents.
Staff should cultivate good habits for safe Internet use:
(1) Confirm that the real-time monitoring function of the antivirus and security software is turned on;
(2) Do not access non-work-related sites, especially gaming, obscene, reactionary, and other such websites;
(3) If the software finds a virus or malicious program, stop accessing the site;
(4) Do not click websites or link buttons received through QQ, MSN, mail, etc.;
(5) If the online process automatically prompts you to install software or modify the configuration, generally choose "no" unless it can be recognized as an actual need.
When staff register online accounts, the user name and password must not be the same as, or associated with, internal user names or passwords. Unless absolutely necessary, do not provide your real name and contact information, nor the company-provided contact mailbox.
Avoid signing in to company internal systems from Internet cafes and other public Internet computers. If this is unavoidable, take care not to use the "Remember Password" function, log out properly after use, and change the user password promptly on a company computer. Prohibited by remote control through the Internet or other external network computers remotely operating
...
...