Acceptable Use Policy

Acceptable intent Policy Artiesha Artis CIS 462 harborion Strategies and Policy Professor Darrell Nerove October 20, 2012 Working in legion(predicate) different arnas small-arm pursuing my degree in Com arrangeer Security has opened my optics to legion(predicate) things, one thing that I baffle sight is that some companies felt that they were immune to data breaches. I have drilled in smaller organizations that just didnt have the knowledge to protect their web against warranter breaches.One inexpensive and very productive way to subvert lack of resources or know how is with an Acceptable phthisis police. An acceptable engage insurance is not adorn in enter to snoop on individuals quite an than to protect the notees assets. The AUP (acceptable practise indemnity) that I want to pore on is one that g all overns internet drill. Acceptable utilise policy regarding internet usage normally holds study about websites that be off limits as easily as defining a scope for what sites are allowed to be accessed for personal surfing.Most AUPs are put in interpose to protect the comp boths employees, classners and the company itself from any illegal or electronegative actions by individuals knowingly or unknowingly. Confidentiality, integrity and accessibility are the founding stables of insuring that information is secure. An acceptable use policy enforces confidentiality, integrity and avail competency by restrain access and disclosure to authorized users the right volume and preventing access or disclosure to unauthorized ones the impairment people. , as wellhead as requiring employees to authenticate themselves in order to control access to data body resources and in turn hold employees responsible if violations take place under their user id. The company that I in short work for has an acceptable use policy it purposes is to cozy up an outline the acceptable use of the figurer equipment and systems that we are granted access to. It is always stated passim all the acceptable use policies I have seen that users must be aware that data created on corporate systems are property of the company.Employees are to good example sound judgment regarding personal usage of computer systems. To be quite honest the AUP at my watercourse organization is very straight forward and what I consider to be week. It is literally a secondment in the handbook that states that the internet systems are for traffic purposes scarcely, and that the company observes the right to monitor the usage of the parcel. I backside only think of a a few(prenominal) reasons why the AUP at my organization is so brief.I work in the healthcare industry and because we deal with a lot of member information we are much concerned with HIPPA violations. In conjunction with HIPPA we also revolve around on making sure we remain in compliance with the HITECH act. Since in that respect are other rules that we cause preoccupied with the focus is no longer place on the AUP at my job. You will notice although there is no strict regards to an AUP at my place of purpose there are filters and blocks in place so that certain websites are not able to be accessed.I have a few ideas on how I would implement a better AUP at my place of employment. I would first conduct a certain policy review. By performing an audit of my stream internet usage policy I would equivalence it with what I want my unexampled policy to be. fetching into careful consideration the degree of policy enforcement required. attached I would want to gain visibility of your network traffic. Using a vane traffic judgment tool, such as a proxy appliance, to place and monitor Internet traffic and to identify circumstantial areas or groups that are engaging in unfitting or excessive Web use.This would allow me to read how much time users and user groups spend on the Internet during an average workday and what policies may wishing to be implemented. I w ould then concentrate on working collaboratively with all departments to enforce my end purpose concentrating on the departments that have a bearing on the companywide Internet use policy, especially tender-hearted resources and IT ensuring that there are no mismatches between the policies established and the ability of the network infrastructure to support them.After all this is all then we would need to test my new policy by conducting an exercise with key users when the policy is at a draft stage. This will ensure that the policy is both practical in terms of achieving its objectives and sufficiently flexible to accommodate change or hand brake situations. Then I would create a formulate for announcing the new Internet usage policy throughout the organization to ensure that employee communication is well managed, the policy is understood and the restrictions imposed are fully justified.This would include denying access to Internet resources until users agree to accept the ne w policy. I would then ensure monitoring employee use is automated through Web monitoring software product. I tactile property it would be a waste of human resources to assign a person or team to monitor the Internet activities of all company employees as a supervisor I know that there is just no time for looking over someones shoulder. Web monitoring software would provide efficient and comprehensive reports and data laughingstock be accessed within minutes.Stricter automation would allow vigilance to set boundaries for site browsing, prevent downloading and installing of software and has multiple scanning engines to ensure that allowed downloads are dislodge of viruses and other malware. By controlling downloads and browsing in real-time, the network is protected from malware. There is also the cake of data leakage through socially-engineered websites and it also helps tailor cyber-slacking, thus boosting employee and business productivity.In order to increase sentience of the importance of AUP and the need for them I would hold egg companywide training. I would also have quarterly reviews on what to do if. I have always believed that the only way for end users to truly embrace and sympathise the importance of any new policy or procedure implemented is to make them part of it, so during training I would ask for suggestions on how the employees feel they could make things smoother or easier and I would send word them to keep an eye out for violations.Having individuals keep an eye out on violations is the more challenging part of it all because no one wants to be a snitch but in order for any policy or procedure to work well to its fullest all wheels have to turn in the homogeneous direction. Of course the responsibility of reporting violations wont be solely on staff because I would want monitoring in place to countenance with that.AUPs are put in place to protect a companys data assets and confidential information while also safeguarding employe es and maintaining standards concerning the use of the Internet during working hours. Implementing Web monitoring software is an investment in pledge and could prevent employees from cyber-slacking or abusing the companys trust with work-related information. By implementing and enforcing a solid AUP and providing ongoing, end-user education and training, a company can minimize risk, allowing them to focus on growing their business ather than the need to repair it. ? References Gaskin, J. E. (1998). Internet acceptable usage policies. Information Systems Management, 15(2), 20 Johnson , R. , Merkow, M. (2011). Security Policies and Implementation Issues. Sudbury, MA Jones & Bartlett. Palgi, R. D. (1996). Rules of the Road Why You Need an Acceptable Use Policy. School Library Journal, 42(8), 32-33. Siau, K. , Nah, F. , & Teng, L. (2002). ACCEPTABLE INTERNET practice POLICY. Communications of the ACM, 45(1), 75-79.