- Updating Security Knowledge: Employees must consistently enhance their security knowledge through training.
- Commitment to Entry and Exit Rules: Employees must use their identification cards and not share them.
- Handle Sensitive Data with Caution: Protect sensitive information and avoid using unsecured channels.
- Use of Licensed Software Only: Only use software approved by the IT department.
- Report Suspicious Activity: Report any abnormal or suspicious activities to the Information Security Department immediately.
Unacceptable Practices:
- Exceeding Powers: Accessing information or systems beyond one's authorized scope is a breach.
- Using Other People's Accounts: Sharing or using others' login credentials is prohibited.
- Negligence in Handling Devices: Leaving devices without password protection or in insecure locations is not allowed.
- Transferring Information in Unsecured Ways: Sending sensitive data unencrypted or storing it on unsecured personal devices is forbidden.
- Sharing Passwords: Exchanging passwords increases hacking risk.
Process Simulation:
- Acceptable Scenario: An HR employee uses their ID and strong password to access the system securely, keeps their computer locked when away, and properly logs out afterward.
- Unacceptable Scenario: A new employee, Samir, leaves his computer unlocked, allowing a colleague to access sensitive data, violating security policies.
Procedures to Correct Errors:
- Immediate Training: The employee at fault must undergo additional training on security best practices.
- Issuing a Formal Warning: A written warning is given to reiterate the importance of adherence to policies.
- Review and Restrict Powers: For repeated violations, access privileges may be reviewed and reduced.
- Activating Control Systems: Increased monitoring of system access through specialized programs to detect abnormal behavior.
This policy aims to minimize human errors and enhance employees' security while using organizational technological systems.
