The Fulcrum GroupAcceptable Use Policies By Steve Meek, CISSP, MCSE, CCNA
Agenda Definition Why companies don’t have policies End Company Benefits Policy Guidelines Why we want to provide to clients Planning policies Resources to help Discussion
Definition a set of rules applied by the owner/manager of a network, website or large computer system that restrict the ways in which the network site or system may be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers, and website owners often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.
Why companies don’t have policies because hard to develop making people adhere means work communicating policies out getting all departments to accept policies too much work
End Company Benefits Improve user productivity Reduce legal liability Reduce stress on network and systems Set end user expectations
Planning policies Organize your team Develop your policies Implement your policies Adhere to a communication plan (use of newsletters, posters and email reminders) Maintain policies (ensure they adhere to changing company needs)
Resources to help If bound by compliancy- utilize those rules for policies Some Web Resources http://csrc.nist.gov/publications/PubsSPs.html http://www.sans.org/resources/policies/ http://www.scmagazineus.com/The-Five-Critical-Stages-of-Policy-Management/article/30346/ http://blogs.techrepublic.com.com/hiner/?p=467 http://www.ruskwig.com/security_policies.htm