
Data Security

Securing your data and network, inside and outside the perimeter


Don't Forget About The Forgotten Software Policy

Posted by Ralph DeFrangesco Oct 22, 2009 7:50:11 PM

This is the final post in my series on IT security policies. The other two posts examined good e-mail and Internet policies. Today, I look at the software policy, which I call "the forgotten policy" because every time I have had to talk to an employee about downloading unapproved software, I hear, "Oh, I forgot." Every policy I have read has said something about not loading unapproved software. But most employees take this to mean only software that they download from the Web. The restriction also covers an employee's personal software and any beta software.

Also, there is the whole open source issue. Employees download open source software and agree to its license. In effect, they accept the license themselves and then load the software onto their company's computer, putting the company in the middle.

 

A good software policy should at least do these five things:

1. Make it clear that software not owned by the company cannot be used on company-owned computers. This includes personal and open source software.

2. State that if open source software is needed, then the company's counsel should review all licenses.

3. Clearly state what will happen if unauthorized software is downloaded onto company equipment.

4. If desktops are going to be monitored, state how they will be monitored and who will view the logs.

5. State that the same rules apply to systems given out for take-home use.

If software does need to be downloaded, and it will be, then there must be a clear procedure to follow. For example, a request should be submitted to the IT department. The software should then be downloaded and put into a test environment, where it should obviously be checked for malware. In addition, it should be checked for interoperability with other desktop software to see if there are conflicts.

In closing my series, keep in mind that policies should not be created just to meet a lawyer's requirement to have them. They need to be usable. IT security policies should not be an impediment to doing business. That being said, as security professionals, we are paid to protect company assets and this comes before anything else.

Oct 29, 2009 2:51 PM Guest duplicate mp3 finder  says:

This is very good and informative site.
