What are Computer Policies

Computer policies are a group of rules that govern the use of computers and information systems (Rhodes-Ousley, 2013, p.124). The leading collection of rules that make up computer policies are authentication policies. Password policies are rules that govern creation and use of passwords. Password policies rank first in authentication policies. Boyle and Panko (2012) agree that good passwords prevent attackers from gaining access to computers and information systems (p. 262).

Example of Computer Policy

As an example, online banking system often employ different password policies. To begin with, they have a password length policy that requires all passwords to be at least 8 characters long. This policy ensures passwords cannot be guessed or cracked easily. They also implemented a password duration policy, for example, some banks set the online banking passwords to expire after 29 days hence the password must be changed every 29 days. The passwords must also be a mixture of numbers, characters, small and capital letters and a previously used password cannot be reused. Finally, any user that requests to change the password is authenticated often by email and text message confirmations.

The user is also require to pass the security and authentication questions before accessing the password reset page. When a user fails the authentication process or inputs a wrong password three times, the account is suspended and the user is asked to visit the nearest bank branch with valid identification documents.

References

Boyle, R. and Panko, R. (2012). Corporate computer security. 3rd ed. Boston: Pearson.

Rhodes-Ousley, M. (2013). Information Security: The Complete Reference (2nd ed.). New York, NY: McGraw-Hill.

Related Questions:

Explain Policy Categories and the Form and Organization Components

Explain the Different Security Positions Within Information Security

Explain What a Security Incident Response Team Handles