
Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12  699

                 modify, or delete important data or improperly make changes to a system. A good
                 method of determining what level of security a person needs is to match the new
                 person’s security level to that of someone else in the same job, or to use the same
                 settings as the employee the new employee is replacing. It is also important to
                 determine whether a person was issued any equipment that belongs to the company
                 that should be returned. If a person was issued a laptop, wireless handheld
                 device, mobile phone, pager, or other equipment, the items belong to the company
                 and must be returned. Failure to do so could be considered theft, and may leave the
                 former employee open to prosecution.

                 Code of Ethics

                 Many companies have a code of ethics, or a statement of mission and values, which
                 outlines the organization’s perspective on principles and beliefs that employees are
                 expected to follow. Such codes generally inform employees that they are expected
                 to adhere to the law, the policies of the company, and other professional ethics
                 related to their jobs. As is the case with acceptable use policies, many companies
                 require employees to sign a code of ethics as an agreement. Anyone failing to
                 adhere to this code could face dismissal, disciplinary actions, or prosecution.



                 EXAM WARNING

                      For the Security+ exam you will need to know the difference between
                      an acceptable use policy and a code of ethics. A code of ethics outlines
                      the ethical behavior expected from employees, and may outline principles
                      dealing with such issues as racism, sexism, and fair business practices.
                      It explains the type of person a company expects you to be. This is
                      different from an acceptable use policy, which may address the same
                      issues, but also addresses how they relate to equipment and technologies.
                      For example, the code of ethics may say racism is not tolerated,
                      while the acceptable use policy would address sending racist jokes or
                      comments via e-mail.





                 Incident Response Policy

                 No matter how secure you think your network is, there may come a time when a
                 security breach or disaster occurs. When such problems do occur, an incident
                 response policy provides a clear understanding of what decisive actions will be



                                                                              www.syngress.com