Development of Acceptable Use Policy

Verified

Added on 2023/01/17

AI Summary

This article discusses the development and implementation of an Acceptable Use Policy (AUP) for network access in organizations. It explains the importance of setting boundaries and accountability for internet use, and provides a list of key policies that should be included in an AUP.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION ASSURANCE RISK AND COMPLIANCE
INFORMATION ASSURANCE RISK AND COMPLIANCE
Name of the Student
Name of the Organization
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1INFORMATION ASSURANCE RISK AND COMPLIANCE
Development of Acceptable Use Policy
An acceptable use policy or AUP is a particular document which is used to stipulate all
the practices which any user should agree for getting access to any network of any corporate
sector. Several facilities of business as well as educational organizations need that every
employees or students must sign an acceptable use policy (AUP) before being granted an ID of
the network (McMenemy, 2014). AUP can also be defined as a usage policy which is acceptable
comprising of a set of rules and regulations by the creator or rather the administrator of a
particular network or service.
Whenever an Internet service Provider of ISP is signed up, it has been noticed that an
AUP will be provided which will clearly several policies and stipulations which are needed to be
followed by all the members of that particular network (Isaacs et al., 2014). An Acceptable Use
policy is mainly implemented within any organizations by giving all the staffs with a set of two
copies. There will be a signed copy which will remain on the file (Gallagher, McMenemy &
Poulter, 2015). An appropriate and a clear Acceptable Use Policy will be capable of setting a
boundary of the use of the internet and keeps all the staffs accountable for that. Several strict
actions may be taken if there is even a slight deviation from the policy which will be developed
for a particular organization (Shepherd & Mejias, 2016). The main purpose of this policy will
define what type of actions the users will perform for accessing systems and the equipment of
networking.
The main Acceptable Use Policies which are developed are listed below:

2INFORMATION ASSURANCE RISK AND COMPLIANCE
 All kinds of proprietary data and information which are stored on several devices of
computing or networks whether owned or rather leased by any particular authority,
authorised member or a third party, must remain the sole property of that authority.
 Reservation of the rights for auditing networks as well as systems on a basis which will be
periodic for ensuring compliance with the policy.
 All computing systems which are connected to the network internally should comply with
that of the Minimum Access Policy.
 The level of system and the password of the user level should comply with the policy of
password. Providing with the access to some other user, either mistakenly or deliberately for
securing the access, is totally prohibited.
 There is a strict prohibition in copying all the copyrighted materials which are unauthorised.
 Exporting information which are technical, software of encryption or any other software
present in the control laws of export is totally illegal.
 Sharing of the password of the account to other people or allowing the utilisation of the
account by others is strictly prohibited.
 Specially, for the purposes of maintenance of security as well as network, all the individuals
which are not authorised may monitor systems and the traffic of network at any time
whenever they want as per the Policy of Audit.
 All the authorized users should utilise an extreme caution while opening all the attachments
of e-mail which are mostly received form all the senders who are totally unknown. They may
contain a lot of malware.

3INFORMATION ASSURANCE RISK AND COMPLIANCE
Privacy Policy
The privacy policy is capable of providing all the privacies as well as the procedures for the
use of personal information within any particular organizations (Namada, 2018). These privacy
policies are needed to be followed by all the users. This policy will help in providing all the
essential guidelines needed for protecting the employees of the organization from causing harm
by the misuse of the resources, systems and data (Safa, Von Solms & Furnell, 2016). This policy
will outline how all the organizations utilise all the personal information which they collect. All
employees of their respective organizations must abide to follow the privacy policy for ensuring
high integrity, confidentiality as well as the availability of data as well as assets (Bennett &
Raab, 2017). This policy is applicable for all the employees who are belonging to any particular
organization.
 Accessing the information of the company which do not belong to the scope of the work of
an employee is strictly prohibited. This will include a reading which will be unauthorized of
some other’s information of the account, unauthorized access of the file information of a
personnel and access of the information which is not at all required for an appropriate
execution of the functions of job (Cockcroft & Rekker, 2016).
 Misusing or altering any data or information of the organization is prohibited. This will
include sharing of information or files with a consumer electronically with personnel who is
not authorized. Any individual found to be doing this will be expelled from the organization.
 Transmission of any kind of confidential or rather sensitive information will be directly
treated as an act of violation.
 Employees within the organization should not upload or send any kind of confidential
information on media hard drives which will be portable like mobile or pen drives.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4INFORMATION ASSURANCE RISK AND COMPLIANCE
 Utilization or duplication of the material which mostly infringes on the copyrights or the
rights of the organizations which are patent must be stopped. Transmission of any kind of
personal information or rather very sensitive information must be treated as an act of
violation. Any employee found doing such an activity will directly be expelled out of the
organization.
 Use of computers, laptops, mobile or some other resources for personal purposes without any
kind of approval from the manager of the organization will be considered as an indiscipline
action and may also include termination.
 Access to the system, resources or the network will be approved properly as well as provided
to an employee if and only if it is identified that all the business needs are reasonable.
 The system, information and other resources of the employees will be reviewed on a periodic
basis by mainly the departments of IT for ensuring that continuation needs exist.
 All the personal information within the organization must be kept secure, confidential and
with much care. Employees will be held responsible if there is any kind of leak of the
confidential information.

5INFORMATION ASSURANCE RISK AND COMPLIANCE
References
Isaacs, N., Kaminski, K., Aragon, A., & Anderson, S. K. (2014). Social networking: Boundaries
and limitations part 2: Policy. TechTrends, 58(3), 10.
Shepherd, M. M., & Mejias, R. J. (2016). Nontechnical deterrence effects of mild and severe
internet use policy reminders in reducing employee internet abuse. International Journal
of Human-Computer Interaction, 32(7), 557-567.
Gallagher, C., McMenemy, D., & Poulter, A. (2015). Management of acceptable use of
computing facilities in the public library: avoiding a panoptic gaze?. Journal of
Documentation, 71(3), 572-590.
Namada, J. M. (2018). Organizational learning and competitive advantage. In Handbook of
Research on Knowledge Management for Contemporary Business Environments (pp. 86-
104). IGI Global.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model
in organizations. Computers & Security, 56, 70-82.
Bennett, C. J., & Raab, C. D. (2017). The governance of privacy: Policy instruments in global
perspective. Routledge.
Cockcroft, S., & Rekker, S. (2016). The relationship between culture and information privacy
policy. Electronic Markets, 26(1), 55-72.
McMenemy, D. (2014, August). Towards a public library standard for acceptable use of
computing facilities. In IFLA World Library and Information Congress. 80th IFLA
General Conference and Assembly.