1. Three principles that I think should be part of an ethical computer use policy are:
- Treat the organization’s resources with respect – no manhandling, abusing, stealing, misusing, or intentionally damaging them.
Justification: Employees/guests/contractors should at all times be aware that all equipment, network services, and infrastructure are company-owned and should be mindful of their activities.
- Use resources for intended purposes – the Internet to supplement and support your work, the email system for work-related communication, the computer for work-related functions and files.
Justification: Employees/guests/contractors should understand that all resources have been provided to help them function better and that it is necessary to use them for official purposes only. This will cover Internet misuse (pornography/gambling/personal social media etc.).
This would also address the “integrity” core value of Saint Leo.
- All activities on the organization’s resources are pertaining to your job function, role, under the implicit or explicit consent of your supervisor, and for the benefit of the organization.
Justification: Employees/guests/contractors should perform activities to fulfill their daily tasks for the benefit of the organization. If an employee needs to hide what he is doing from his supervisor – he most certainly should NOT be doing it on office equipment and work time.
2. I don’t personally think any company is known for its “cultural cybersecurity awareness”, and it is always a “work-in-progress”, as it should be. Complacency and resting on your cyber-safe laurels would be a disaster waiting to happen.
However, I would like to discuss the cultural security atmosphere at Harvard University as seen from their public media presence: https://security.harvard.edu/