Case Study 1: Acceptable Use Policy
CIS 462: Security Strategy And Policy
An organization’s acceptable use policy is an agreement that stipulates limitations that a client must agree to in order to be granted access to the organization's corporate system. Most organizations require that an acceptable use policy be signed by representatives or understudies before any credentials are transferred over. An acceptable use policy can set limits on anything from disregarding laws, to breaking into the security of the system, to sending spam messages to any individuals.
At Brown University, the computing resources are used to support research, education, and the instructional and managerial activities that the university takes part in, including the way that these assets can be used to benefit the individuals that attend it. When working within this environment, the university grants entry into assets, information, and the internal and external systems. The stipulation that comes with this is that these resources must be used in lawful and ethical ways. As a general rule, the acceptable use policy sets boundaries so that this access is not used in exploitative ways. If there is an instance of the acceptable use policy being infringed upon, the university management decides whether or not to enact disciplinary measures, including suspension or termination from the university. In addition to these consequences, the infringer is also subject to state and government laws regarding internet regulations and policies regarding privacy. These policies apply to all of the clients that are employed by the university, as they are incorporated into the official personnel workforce of the university. These policies extend from the computers on the grounds to remote devices that are granted access to the network. The university grants access to the academic and business-related systems, including servers, PC frameworks, and the programming databases, with little oversight, and these systems require very specific degrees of security and insurance against misuse. The policy enacted can cover anything from limits on utilization of systems and their accounts and documents, to limits on information that can be used in order to further any ulterior motives. The acceptable use policy must be followed at all times to ensure integrity, confidentiality, availability, and accountability.
In order to avoid liability and mitigate risk exposure, the university can enact policies that ensure a fair share of resources. The university network, system, and servers are broadly shared among users. The university can place restrictions on who can use what and who has authority to access what information and when. In this way, no special point of interest is prioritized over another, and no complaints can be levied against the university. The acceptable use policy must also make sure that users adhere to local, state, and federal laws. In addition to this, users must also adhere to any copyright laws and licenses that might need to be used in order to complete any projects. This includes any recordings, music, pictures, writings, and other media that might be used. It is far too simple for any media to be used without the proper authorization required to use them, and that can lead to a lot of trouble down the line. The best way to prevent any negligence is to provide training to employees. Once an acceptable use policy is implemented, anyone that is affected by it needs to know exactly what is expected of them.
To create awareness of the acceptable use policy, employees must know exactly what the policy entails. To do this, the employer can put the policy in writing and require that each employee be given a copy at different points throughout the year. In addition to this, the organization can keep the policies physically posted in places where employees can continuously see them. At some point, the employees will find some time to refresh themselves on the policies and make sure that they are following the predetermined procedures. The organization can also provide its employees with learning seminars that aim to explain and emphasize the policies and stress just how important they are to the organization. To make the awareness sink in, the organization can seek out a third-party presenter, as hearing from someone not associated with the organization itself can increase the level of excitement about learning.
Acceptable use policies are important for management because they set guidelines for employees who might use their position in order to exploit information. The important consideration to make is to keep a balance between protecting privacy and information and enhancing the level of employee participation in the activities of the organization. Setting policies that are too prohibitive can limit the amount of access that employees need to competently perform their jobs, but policies that are too lax can put the organization at risk.