Thursday, January 14, 2016

Issue Specific Security Policy (ISSP)

For my CIS-608 class, I need to draft a generic, sample Issue Specific Security Policy (ISSP) that would be useful to any home computer user. So I have prepared a sample Issue Specific Security Policy (ISSP) for my household: "Security Policy Document for use of personal devices in Khadka household". Please review and provide feedback on my work:

Statement of Policy


This document establishes a policy for the use of personal devices (cell phones, tablets, home computers, etc.) within the Khadka household premises to protect the sensitive information of family members, relatives, and visitors, and the security of the Khadka house.
This document was developed because the use of personal devices within the Khadka household by visitors, guests and neighbors increased during the last year, which created a threat to the security of household assets. The use of personal devices on the household network for personal communication, work-related connections, gaming, television networks and software created more threats to the firewalls and injected malware into the network, which caused a lot of downtime for network repair during peak hours and slow browsing.
This policy applies to all members of the Khadka family, guests, visitors and others using personal devices (cell phones, tablets, laptops, etc.) within the premises.
Failure to comply with the security requirements and policies will result in disciplinary action, legal issues and restriction of network access at any time inside the premises. Non-compliance includes willful or negligent violations involving personal devices, use of personal devices for personal communication at family gatherings, use of the home network on personal devices at the dining table, use of computer software for gaming and video streaming for more than 2 hours continuously, and neglect of the security policies that endangers the interests of Khadka family members.

All users agree to comply with the household code of conduct to protect the household data. The use of personal devices and connection to the household network should be authorized and authenticated. Access to the Khadka household network is subject to the following rules:
  • Access by visitors and guests must be authenticated and verified
  • Use of computers, laptops, and other devices within the household should be authorized
  • Use of the gaming station and the TV network should be authorized and monitored
  • Children under the age of 16 should follow the time limit guideline (2 hours) for use of gaming devices, TV networks, mobile devices, and computers
  • Use of personal devices and connection to the network is restricted during family gatherings and after waking hours
  • Access is revoked when visitors, guests, or outside family members try to change the password or perform any infringement on the network
  • Visitors, guests and outside members should be required to use guest access to connect to the network
All users and devices are required to comply with all the existing security policies developed by the Khadka household as well as the current security policy. Some of the existing policies include:
  • Information security policy for Khadka household
  • Use of mobile and laptop policy
  • Wireless use policy
  • Remote access and device use policy
  • Network/Malware/Virus policy
  • Khadka family Privacy policy
  • Copyright Information policy
Personal devices, including mobile devices, laptops, tablets, personal computers, USB devices, etc., may be brought onto the household premises, but connection to the network should be authorized and monitored. These devices are prohibited from accessing the Khadka household's communications or any personal information, and from sharing family members' personal information with the public. All guests/visitors should use the password-protected guest network when using their devices. Any guest or visitor who needs to use a personal device in an emergency should be approved by an authorized house member.

A Khadka house member is solely responsible for monitoring the use of external devices on the home network. A Khadka household member should safeguard the software, networks and any household devices provided to guests/visitors for any use. The Khadka household is responsible for creating the guidelines for device use on the intranet and for publishing the lists of approved devices, hardware, and password-encrypted user accounts.

Guests/visitors/neighbors are prohibited from adding any software, personal passwords, network passwords or household data on their personal devices. Data includes email communication, house members' information, financial information, household personal files, and any personal bookmarks, passwords, and user accounts. Capturing images and videos of personal data is not authorized within the household premises. Pairing household devices with personal devices using Bluetooth is strictly prohibited and permitted only with authorization. Personal USB devices of any form may not be used on the family network, hardware or software to store Khadka family information and data.

Failure to comply with the security requirements and policies will result in disciplinary action, legal issues and restriction of network access at any time inside the premises.

This policy will be reviewed and modified based on the family members' agreement at the end of every year.

The Khadka household is not responsible for any devices lost or stolen during unauthorized use within the Khadka home premises. Any devices borrowed from the house have to be reported to the Khadka household if they are stolen or lost.





5 comments:

  1. This comment has been removed by the author.

  2. This is a well-documented policy that will serve as a sample for lots of home computer security. I would like to add some comments to it:
    • I would say you can add some more points on who can access the network during normal hours
    • Also, use of devices during gatherings and kids using devices for long hours will pose a threat to the network too. You can add these rules
    • You can also talk about secure passwords and network encryption

  3. Wow, this seems to be a good document that we can use at our household, as many guests try to use our network and it is always slow. We should really publish this document and keep it at our house rather than calling the network company about the delay and slowness. Since you mention the proper use of the network, you can also add more points on authorized use during the proper hours.

  4. Good work... it was very helpful.
