You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in New Hampshire, and have been asked to write two new security policies for this company. The first one is an e-mail policy for employees concentrating on personal use of company resources. The second policy is that of WIFI and Internet use within the company. There are many resources available on the web so researching these topics and policies should be easy. The most difficult part of this exercise will be determining how strict or how lenient you want to make these policies for this particular company. Project Plan You are asked to create two separate policies on use of EMAIL and a WIFI/INTERNET USE within the company. Be specific in your terms and conditions of use. Consider these items to be included in your policies (as applicable). 1. Overview 2. Purpose 3. Scope 4. Policy 5. Policy Compliance 6. Related Standards, Policies and Processes 7. Definitions and Terms

Title: Security Policies for Email and WIFI/Internet Use in a Financial Services Company

1. Overview:
The purpose of this policy is to establish guidelines and provisions for the use of company resources, specifically email and WIFI/Internet within a medium-sized Financial Services company. This policy aims to enhance security, promote professional conduct, and protect the company’s assets and reputation.

2. Purpose:
The purpose of this policy is to provide employees with clear and concise instructions regarding the appropriate use of company email and WIFI/Internet resources. It aims to minimize risks associated with unauthorized use, data breaches, information leaks, and productivity loss.

3. Scope:
This policy applies to all employees, contractors, and third parties who are granted access to the company’s email and WIFI/Internet network. It covers all devices owned or provided by the company, including computers, laptops, mobile devices, and any other electronic communication tools.

4. Policy:

4.1 Email Usage:
4.1.1 All company email accounts are to be used for business purposes only. Personal use should be limited and kept to a minimum.
4.1.2 Employees should exercise caution when sending or receiving emails and refrain from using offensive, derogatory, or inappropriate language.
4.1.3 Electronic communications should not be used for transmitting confidential or sensitive information unless properly protected and authorized.
4.1.4 Employees are responsible for regularly monitoring and managing their email accounts for security and storage purposes.
4.1.5 Email forwarding to personal email accounts is strictly prohibited unless approved by the authorized personnel.
4.1.6 Usage of email for unauthorized or illegal activities, including but not limited to spamming, phishing, or sending unauthorized messages, is strictly prohibited.

4.2 WIFI/Internet Usage:
4.2.1 WIFI/Internet access is provided solely for business purposes and should be used in accordance with the company’s policies, procedures, and applicable laws.
4.2.2 All WIFI networks and Internet connections should be secured with strong passwords and encryption protocols.
4.2.3 Employees are prohibited from accessing, downloading, or distributing unauthorized, offensive, or illegal materials. This includes but is not limited to pirated software, adult content, and discriminatory or hate speech.
4.2.4 Employees should refrain from excessive personal Internet browsing that may impact their productivity or consume excessive network resources.
4.2.5 The company reserves the right to monitor and log all Internet usage, including websites visited, time spent, and data transferred.

5. Policy Compliance:
5.1 Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract.
5.2 All employees are required to review and acknowledge their understanding and acceptance of this policy.

6. Related Standards, Policies, and Processes:
6.1 This policy should be read in conjunction with other relevant company policies, including but not limited to the Acceptable Use Policy, Data Protection Policy, and IT Security Policy.
6.2 Regular training and awareness programs will be conducted to educate employees on this policy and related security practices.

7. Definitions and Terms:
7.1 Email: Electronic mail, a method of exchanging digital messages.
7.2 WIFI/Internet: Wireless network technology for accessing the Internet or other computer networks.
7.3 Authorized Personnel: Individuals designated by the company to oversee and manage email and WIFI/Internet access.
7.4 Data Breach: Unauthorized access or disclosure of confidential or sensitive information.