.: Developing a Standard AUP
By:Jennifer
Category:Home / Computers / Security
Developing an Acceptable Usage Policy (AUP) requires organizations to utilize a process that can ensure their AUP, once implemented, is as effective as possible. One popular method for this sort of Management Assessment is called RISK, an acronym that stands for requirements, identify, select and know. Employing RISK to build an effective AUP is important whether an organization is publicly or privately held. Even family-owned businesses need an AUP if their employees have access to the Internet.
RISK
The requirement of their RISK policy includes understanding that the company’s reputation and assets could be endangered by employee abuse or misuse of the company’s network or computers. When a company understands that email, instant messaging, peer-to-peer and web surfing technology can leave them vulnerable to exploitation or network and system damage, they have identified the key elements around which they must design their AUP.
Once the basic requirements have been identified, the next step is to construct a policy that will protect both their network security and the company’s reputation. Since breaches in computer network security can lead to substantial regulatory fines judicial settlements that can cost billions and negative media attention that can seriously damage a company’s reputation, the design of a comprehensive and relevant AUP is more important than ever.
Design & Educate
First of all, the AUP should be explicitly written and clearly presented to all employees. It should be comprehensive, covering all rules, polices and procedures appertaining to P2P, Internet, Instant Messaging and email activities. The use of any vague language should be strictly avoided in an effective AUP. For example, stating that email is to be used for business purposes can leaves wiggle room for an employee to state he was using his email for business when he actually means “personal” business rather than correspondence pertaining to his job.
Instead, the AUP should detail exact use and abuse terms. For example, the company should detail that downloading music, video and other copyrighted materials is expressly forbidden. Employees should be notified that all communications whether of a personal or business nature are monitored and stored. The need for such monitoring should be explained as well as the penalty for employee abuse. Employees should be made to understand that use of company computers and protocols such as email, IM and P2P are not rights, but rather privilege given to them by the company.
Penalties ranging from written warnings all the way up to termination should be clearly explained. The comprehensive nature of the policies and procedures should be updated regularly in order to govern developing concerns such as blogging. New technologies and communication protocols are appearing daily – a company’s best acceptable usage policy should be flexible enough to accommodate these emerging threats.
Monitor & Enforce
Developing the AUP and educating employees is only the first step. The implementation system should also include how the company will monitor and enforce their internal AUP. In an ideal world, simply telling an employee to not exercise bad judgment might be enough. But employees can be mislead themselves and endanger a host network security system despite good intentions.
Whether a company chooses a hardware or software solution will affect how well they are able to monitor and enforce their AUP. Although the education of employees will assist in the enforcement of the AUP because the judicial system could find that a corporation has made a reasonable effort to keep their corporation free of hostility, harassment and other abusive behaviors, it will not be enough to keep your networks safe from outside intrusion, whether intentional or not
The AUP will reduce the vicarious liability that a company may endure but the vicarious liability factor is further protected when the written AUP is enforced through disciplinary actions and filtering solutions. A filtering solution can prevent employees from accessing sites, software and other connections that may violate the company’s AUP and endanger its networks and systems. This will eliminate employee error on many levels.
Whatever the chosen filtering solution, it should also monitor behavior in order to provide for disciplinary action on the part of the company as needed. As previously mentioned, disciplinary action can be applied in stages from written warnings to suspensions to termination of employment. These rules should be detailed specifically in the AUP and presented clearly to the employees so that expectations and rulings are clearly defined prior to any action being taken.
The Solution is the Solution
Defining the AUP requires identifying the risk management issues, key software vulnerabilities and required employee behavior. When an effective AUP is combined with disciplinary action that is clearly stated and effectively enforced, companies are protecting their employees, networks and finances. However, an AUP’s ultimate success will hinge a great deal on the type of filtering solution a company chooses.
A filter that not only enforces the AUP, but also monitors the behavior of the employees provides a double layer of protection.. A powerful and effective filtering solution is the final piece of the puzzle to developing, maintaining and enforcing the company AUP.
Article keywords: internet filters, internet filtering, internet monitoring
Article Source: http://www.articles32.com
iPrism internet filters and web filters provide internet monitoring and network security. internet-filters.stbernard.com
.: New Security Articles
1). Phishing - How to Avoid Getting Caught
Phishing - what is it and how do you avoid it? Find out how you can protect yourself from the newest member of the fraud family in this article.
2). Save Your Computer Files From Hackers
In everyday practice, we have always regarded a computer as the safest place to store our important information.
3). The Important Needs of a Virus Scanner
Having a reliable virus scanner on your computer is a necessity if you use the internet at all. There are so many viruses and forms of spyware out there that it can be difficult to keep up with them.
4). Your Complete Guide to Shopping Online Safely
A discussion about how to stay safe when shopping online.
5). She Chainsawed The Furniture!-Online Public Records Search
Find out who they really are with an online public records search and even find out what is on you. Government bodies are building databases of public records for public viewing, safety, knowledge, and for law enforcement that can be accessed online.
6). How To Handle Your Passwords
To make your passwords more secure you have to consider some easy rules for your password management.
7). How To Keep Your Home Wireless Network Secure
If you have even a passing interest in the topic of wireless network, then you should take a look at the following information. This enlightening article presents some of the latest news on the subject of wireless network.
.: Top Security Articles
1). Why Not to Start using CGI Proxy sites?
Everyone now these days is concerned with protecting their personal information form prying eyes on the web. With the continuing increase cases of stealing personal web identities, many people have been misdirected about what information needs to be hidden on line and the best way to achieve a more secure Internet environment. One of the most common ideas is that when you start using cgi proxy sites the security level increases.
2). Phishing And Fraud – What Is It?
Phishing is a very sneaky type of fraud conducted over the Internet. Its name is a throw back to the early days of hacking and identity theft and the practice of phone phreaking. While there can be very complicated schemes devised, they are all based on a very simple concept.
Phishers try to persuade you, or trick you into giving them sensitive information which they can then use to make money out of the system.
3). Why Do You Need A Registry Cleaner?
Before we understand the need of registry cleaner, let us understand what registry is and why you need a registry cleaner to enhance PC performance. Just as you would store your documents in a file, the Windows stores all information about your computer in a Registry, such as all the software and hardware settings, and everything about the system configuration.
4). E-mail Tracking -The Truth Is Revealed.
Have you ever wondered whether your boss, coworkers or family read your e-mails? Well, now you can track your sent e-mails.
In fact, there are many approaches to e-mail tracking. We all know the "read-receipt" system, in which you send an e-mail requesting a read confirmation. When the recipient reads your e-mail, he or she is asked by the software, "Would you like to confirm you received this e-mail?" Then the recipient may choose "No", and we will never get a confirmation.
5). Norton: The Free Security Software You Need
Computer viruses are becoming so hard to battle. The more the technology becomes booming the more these viruses become more notorious.
6). Combating Viruses with Security Software
Do you know the difference between a worm, a Trojan, and spyware? When selecting your security software know exactly what it will do.
7). The Importance of Parental Control Software
Protecting children is the responsibility of every parent, and it is vital for them to keep up with the ever changing threats faced by children as they navigate the Internet. Perhaps the most important tool to help with this is Parental Control software.