
Acceptable Use Policy

Artiesha Artis
CIS 462
Security Strategies and Policy
Professor Darrell Nerove
October 20, 2012

Working in many different arenas while pursuing my degree in Computer Security has opened my eyes to many things; one thing that I have noticed is that some companies felt that they were immune to data breaches. I have worked in smaller organizations that just didn’t have the knowledge to protect their network against security breaches. One inexpensive and very productive way to counteract a lack of resources or know-how is with an acceptable use policy. An acceptable use policy is not put in place to snoop on individuals but rather to protect the business’s assets.
The AUP (acceptable use policy) that I want to focus on is one that governs internet usage. An acceptable use policy regarding internet usage normally includes information about websites that are off limits, as well as defining a scope for what sites are allowed to be accessed for personal surfing. Most AUPs are put in place to protect the company’s employees, partners and the company itself from any illegal or damaging actions by individuals, knowingly or unknowingly. Confidentiality, integrity and availability are the founding staples of ensuring that information is secure. An acceptable use policy enforces confidentiality, integrity and availability by limiting access and disclosure to authorized users -- "the right people" -- and preventing access or disclosure to unauthorized ones -- "the wrong people", as well as requiring employees to authenticate themselves in order to control access to data system resources and in turn hold employees responsible if violations occur under their user ID.
The company that I presently work for has an acceptable use policy; its purpose is to highlight and outline the acceptable use of the computer equipment and systems that we are granted access to. It is always stated throughout all the acceptable use policies I have seen that users must be aware that data created on corporate systems is the property of the company. Employees are to exercise sound judgment regarding personal usage of computer systems. To be quite honest, the AUP at my current organization is very straightforward and what I consider to be weak. It is literally a blurb in the handbook that states that the internet systems are for business purposes only, and that the company reserves the right to monitor the usage of the software. I can only think of a few reasons why the AUP at my organization is so brief. I work in the healthcare industry, and because we deal with a lot of member information we are more concerned with HIPAA violations. In conjunction with HIPAA we also focus on making sure we remain in compliance with the HITECH Act. Since there are other rules that we become preoccupied with, the focus is no longer placed on the AUP at my job. You will notice that although there is no strict regard to an AUP at my place of employment, there are filters and blocks in place so that certain websites are not able to be accessed.
I have a few ideas on how I would implement a better AUP at my place of employment. I would first conduct a current policy review. By performing an audit of my current internet usage policy, I would compare it with what I want my new policy to be, taking into careful consideration the degree of policy enforcement required. Next I would want to gain visibility into network traffic, using a Web traffic assessment tool, such as a proxy appliance, to identify and monitor Internet traffic and to identify specific areas or groups that are engaging in inappropriate or excessive Web use. This would allow me to analyze how much time users and user groups spend on the Internet during an "average" workday and what policies may need to be implemented. I would then concentrate on working collaboratively with all departments to enforce my end goal, concentrating on the departments that have a bearing on the companywide Internet use policy, especially human resources and IT, ensuring that there are no mismatches between the policies established and the ability of the network infrastructure to support them.

After all this is complete, we would then need to test my new policy by conducting an exercise with key users while the policy is at a draft stage. This will ensure that the policy is both practical in terms of achieving its objectives and sufficiently flexible to accommodate change or emergency situations. Then I would create a plan for announcing the new Internet usage policy throughout the organization to ensure that employee communication is well managed, the policy is understood and the restrictions imposed are fully justified. This would include denying access to Internet resources until users agree to accept the new policy. I would then ensure that monitoring of employee use is automated through Web monitoring software. I feel it would be a waste of human resources to assign a person or team to monitor the Internet activities of all company employees; as a supervisor I know that there is just no time for looking over someone’s shoulder. Web monitoring software would provide efficient and comprehensive reports, and data can be accessed within minutes. Stricter automation would allow management to set boundaries for site browsing and prevent the downloading and installing of software, and it has multiple scanning engines to ensure that allowed downloads are free of viruses and other malware. By controlling downloads and browsing in real time, the network is protected from malware. There is also the prevention of data leakage through socially engineered websites, and it also helps reduce cyber-slacking, thus boosting employee and business productivity.
In order to increase awareness of the importance of AUPs and the need for them, I would hold formal companywide training. I would also have quarterly reviews on what to do if. I have always believed that the only way for end users to truly embrace and understand the importance of any new policy or procedure implemented is to make them part of it, so during training I would ask for suggestions on how the employees feel they could make things smoother or easier, and I would advise them to keep an eye out for violations. Having individuals keep an eye out for violations is the more challenging part of it all because no one wants to be a snitch, but in order for any policy or procedure to work to its fullest, all wheels have to turn in the same direction. Of course the responsibility of reporting violations won’t be solely on staff, because I would want monitoring in place to assist with that.
AUPs are put in place to protect a company's data assets and confidential information while also safeguarding employees and maintaining standards concerning the use of the Internet during working hours. Implementing Web monitoring software is an investment in security and could prevent employees from cyber-slacking or abusing the company's trust with work-related information. By implementing and enforcing a solid AUP and providing ongoing end-user education and training, a company can minimize risk, allowing it to focus on growing its business rather than on the need to repair it.

