Security Network Policy Enforcement

Hello -

I'm interested in finding out what other IT managers/admins are doing to enforce network security policies when an employee violates a policy. For example, if our policy states not to use the internet for personal usage and an employee is caught, what then? Do you give a warning? What is the response process that is recommended? My goal is to educate users as much as possible regarding the threats and vulnerabilities of our network, but they must play their part. I would evaluate each violation and then take disciplinary action. I just want some advice on how to create a response process according to best practices. I appreciate your help.
Jaime Campos Asked:

wk Commented:
Does your environment have a written security policy?

Usually, a written security policy states the Do's and Don'ts. It will also state what happens if anyone breaches the policy. Just like the law enforcement system in any country, you must state it in writing, have your management/HR endorse it, announce it to staff and finally get their written confirmation that they understand the security policy.

With this (and your management support), you can do enforcement if someone breaches the policy. You can act according to the punishment stated in the security policy.

Hope this helps,

William Lee     CISA
Hong Kong

Jaime Campos Author Commented:
Our policies state this if a violation occurs; however, I may want to give a warning before termination, so I'd like to know if there is a better way to list disciplinary actions.

Violations of these policies can lead to revocation of system privileges and/or disciplinary action including termination.  
wk Commented:
Then you should work this out with your HR.  

"If termination is listed in the security policy, then warning is a discretion that can be executed by the HR authorised representative."  - From an auditor's point of view.

Hope this helps,

William Lee     CISA
Hong Kong
Jaime Campos Author Commented:
Do you know where I can find examples of disciplinary actions? We are a health care practice.
jimmmg Commented:
Here is a smart tool we had for enforcing discipline on internet usage.
http://www.monitoring-softwares.com/