This report provides an analysis of information security threats and vulnerabilities, focusing on the development of appropriate control measures to mitigate risks. The report centers on the crucial role of a security policy in maintaining data confidentiality and addressing employee conduct within an organization, particularly concerning internet usage. It outlines the Internet Usage Policy, detailing allowed and prohibited activities, access protocols, software license agreements, public information review, and monitoring procedures. The report emphasizes the importance of adhering to these guidelines to ensure network security, protect corporate image, and maintain the confidentiality of sensitive information. It also addresses penalties for policy violations and the legal actions that may be taken in such instances. The discussion highlights the significance of security policies in general and internet usage policies in specific, providing insights into the responsibilities of employees and the limitations they face in the context of organizational resources.