What is an acceptable use policy (AUP)?

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources. Many businesses and educational institutions require employees or students to sign an AUP before being granted a network ID.

From an information technology (IT) perspective, an AUP states what a user can and cannot do when using computers and computing resources. This applies whether the organization provides the device or it is a personal device that the user provides. One of the benefits of an AUP is that it spells out acceptable and unacceptable employee behavior and actions. AUPs also provide a company with a legal mechanism to compel compliance, and they describe penalties for noncompliance.

9 key elements of an acceptable use policy

Internet service providers (ISPs) usually require new customers to sign an AUP. It may be part of a service level agreement (SLA) between the ISP and customer. The following are nine stipulations that might be included in an ISP's acceptable use policy:

A disclaimer is often included in an AUP absolving the organization from responsibility for a data breach, malware or other issue. Statements about when a person is in violation of this policy and when law enforcement might be called in could also be included.

Examples of how AUPs are used

The following are examples of areas where an acceptable use policy could be helpful:

Best practices to ensure AUPs are followed

Signing an acceptable use policy may be required as part of an employment contract. It often happens during the employee onboarding process or as needed with existing employees. However, employees must be reminded periodically of their responsibility to understand and adhere to the rules spelled out in the AUP. Some best practices that help employees comply with these policies include the following:

BYOD acceptable use policies are becoming common.

This was last updated in June 2022.

Which of the following are control categories?

Internal controls fall into three broad categories: detective, preventative, and corrective.

What is the security plan?

The purpose of a Security Plan is to enhance and maintain the security of a licensee's operation by assessing a site for security risks, developing measures to address security issues by incorporating current security programs and developing new ones if necessary, and formalizing responses to and reporting procedures ...

Which of the following are often identified as the three main goals of security? (Select three.)

Confidentiality, integrity and availability together are considered the three most important concepts within information security. Considering these three principles together within the framework of the "triad" can help guide the development of security policies for organizations.

Which term describes hackers who do not have any affiliation with a company but risk breaking the law by attempting to hack systems?

Black hat hackers are malicious hackers, sometimes called crackers. Black hats lack ethics, sometimes violate laws, and break into computer systems with malicious intent, and they may violate the confidentiality, integrity, or availability of an organization's systems and data.