You have been hired as the CSO (Chief Security Officer) for an organization. Your job is to develop a computer and internet security policy for the organization that covers the following areas:
Make sure you are sufficiently specific in addressing each area. There are plenty of security policy and guideline templates available online for you to use as a reference or for guidance. Your plan should reflect the business model and corporate culture of a specific organization that you select.
In a world where information is a crucial resource, securing it is necessary for any organization. The increased use of digital platforms to undertake business and other major activities has attracted more security threats, such as information theft and distortion. Therefore, organizations have instituted a chief security officer whose key responsibility is to safeguard the organization’s information. More broadly, chief security officers also oversee the physical security of the organization’s assets and personnel (Moore, 2021). The International Monetary Fund (IMF) is a global organization of 190 countries whose aim is to promote global financial cooperation, push for favorable economic conditions, and ensure its member countries' financial stability (IMF, 2021). In the recent past, this organization has faced serious cyber security threats. This is partly attributed to the varying level of digitization in the member countries, since some developing countries lag on technology matters. Therefore, this paper discusses the IMF's computer and internet security policy as set out by the Chief Security Officer (IMF, 2021). The paper focuses on three significant internet security policies: the Computer and email acceptable use policy, the Internet acceptable use policy, and the Password protection policy.
The International Monetary Fund has invested heavily in its computing and networking infrastructure, which forms a good percentage of its total assets. This massive investment in equipment such as printers, computers, and accessories has been necessitated by the dynamic nature of technology and the need to remain relevant in the current world. In this regard, there is a need for a policy that protects the usage of such infrastructure. Under the Computer and email acceptable use policy, the chief security officer defined acceptable and unacceptable uses (City, 2014). For instance, access to the computers and related devices is restricted to trained and certified personnel working in the organization. The use of such equipment is also restricted to IMF-related duties and any other duty that seeks to improve the functions and execution of the organization's duties. Under unacceptable use, the policy spells out that the organization's computer hardware and devices shall not be utilized in activities unrelated to the organization's activities. Also, these devices should not be used to perform tasks that contradict the organization's policy or the member country's laws. For instance, computers should not be used to store or transmit data that threatens the organization's data security, such as data that contains a virus or may expose vital information of the company.
Additionally, the policy prohibits installing unapproved software or setting up unauthorized personal accounts such as email. The computers and networks shall be used solely for the IMF and not for any other individual interest (IMF, 2021). Installing software, including but not limited to video games, specialized applications, and screensavers, is not permitted under the policy. The organization also has a communications desk responsible for receiving and dispatching information through whichever medium is available. Therefore, it is illegal for unauthorized staff or users to gain access to communication mediums such as the organization’s mail and toll-free lines (Gollmann, 2010). Only permitted personnel are allowed to receive the information, act on it accordingly, and respond to the sender. This policy seeks to address information mismatch, misinterpretation, and information loss that would likely occur when several users.
Finally, under the Computer and email acceptable use policy, guidelines are set on when the hardware and software should undergo routine maintenance and which personnel are responsible for it. The policy spells out that the systems department is the only unit responsible for system maintenance and that routine maintenance should be done periodically to avoid system failures.
The second part of the policy is the Internet acceptable use policy, which spells out the dos and don'ts for employees while using the organization's internet. This policy targets all the organization's staff who have access to the organization’s computers and internet (City, 2014). For instance, all employees are required to use the internet responsibly and productively, without causing the organization to incur additional charges. Authorized users of the organization’s internet are expected to use it only as per their job description or for research that furthers their knowledge in their areas of specialization. Additionally, all data or information created, received, or sent through the organization's internet and communication platforms belongs entirely to the organization and is subject to disclosure to third parties or for legal reasons. It is presumed that all devices and appliances accessing the organization's internet belong to the IMF. Therefore, the IMF reserves the right to monitor data access and internet traffic on those devices (IMF, 2021). The policy also prohibits the use of the organization's internet for accessing sites with controversial content such as pornography, terrorism, politics, and other sensitive topics such as religious inclinations.
According to SHRM (2021), passwords are an essential aspect of computer security as they offer frontline protection for accounts against unpermitted access. The Password Protection Policy spells out the standards required for creating, protecting, and changing passwords in organizations. The policy also covers all authorized employees who manage the organization's different accounts. The policy requires that users never share their passwords with anyone, either inside or outside the organization. The password holder bears full responsibility for any damages resulting from a breach of this policy. Any distortion or loss of data traceable to a shared password would attract heavy penalties. The policy also states that passwords should conform to a particular order to ensure strength and reduce their predictability (SHRM, 2021). Common names or items relating to the organization that are in the public domain should also not be used. Routine password changing is also provided for in the policy. Employees are advised to routinely review their passwords to prevent any chance of hacking or leakage. Password changing or setting should be done with the assistance of the IT department while still maintaining privacy (Gollmann, 2010). The organization should also test the strength of its passwords by employing the services of authorized penetration testers, who perform password checks by cracking or guessing along given patterns. Generally, password reliability depends entirely on the discipline of employees, as they are the first users and can create passwords of varying strength.
In conclusion, the current global trend has shifted from analog to digital, where most online space is being explored. This shift has brought along magnificent opportunities and convenience. However, the digital era has not been short of challenges, as cyber security has posed a significant threat. These challenges have pushed organizations, the IMF included, to have a Chief Security Officer oversee the physical assets and data stored in space. The above-discussed policies, if well implemented, would guarantee utmost security to the organization. However, due to the ever-changing nature of technology, these policies should be regularly reviewed to remain relevant. The Computer and email acceptable use policy holds a critical point as it contains a significant component related to the other policies.