Title of the Issue: DEVELOPING AND IMPLEMENTING AN ACCEPTABLE USE POLICY IS ONE OF THE FIRST STEPS IN CREATING A COMPANY WIDE CULTURE OF TECHNOLOGY RISK MANAGEMENT.
Title of the Article: Privacy and Security
Source: https://www.itispivotal.com/post/how-to-create-an-acceptable-use-policy
Author: BETH STEWART


a) Summary Narrative:
            Sometimes referred to as an Internet Policy, an Acceptable Use Policy (AUP) is a formal set of rules governing computer, network and data usage that can help limit your exposure to data breaches, minimize cyber risks and protect your business’ reputation. Recent technology developments, laws and regulations have made creating an effective AUP more challenging.
Cybersecurity training can help to ensure end-users adhere to your AUP. When the reasoning behind your policy is understood, employees are more likely to recognize the value of it and to adhere to it. By educating your employees about how quickly your entire network can be infected by irresponsible browsing, stealthy malware downloaded onto a single computer, or an unauthorized personal device being connected, you are also helping them understand that your policies are not meant to “micro-manage” or deny them all access rights to the internet.



b) What lesson have you learned?
            I have learned the vital role of an Acceptable Use Policy (AUP) in the security of our network, and the important elements to consider including when creating and customizing an effective Acceptable Use Policy. One of the most important parts of your Acceptable Use Policy is the Code of Conduct, which outlines the expectations and behavior for end users while connected to your network. Prohibited activities should be clearly defined and include items such as activities that violate any local, state or federal laws, disclosing or sharing confidential information about your company, its clients or partners, using appropriate language online, ensuring activities do not disturb or disrupt other users on the network. As an employer, your policy regarding business interests should include a clear definition of business use, and inform employees of expected ethical conduct while using these resources and of their accountability for all use of corporate accounts.
And if you allow personal devices of any kind, they need to be included as part of your Acceptable Use Policy. Rules for what organizational data is allowed on personal devices and expectations for how that data is accessed, transmitted and stored should be clearly outlined. You should also address any required mobile device management software, antivirus software, security controls, identity management measures and remote wipe tools.
Social media platforms can offer tremendous benefits for marketing and communication, but they can also pose serious security risks. Some of the greatest risks are the accidental disclosure of sensitive information, and accounts being compromised by phishing/malware attacks either directly or through password reuse and single sign-on. Your Acceptable Use Policy can provide you the ability to actively put restrictions in place to help you mitigate security risks and limit the amount of sensitive information shared on social sites.

c) What suggestions can you offer?
            The suggestion I can offer is to arm ourselves with as much information as possible to customize our policy to fit our unique processes and operations. An effective policy not only outlines the rules (and the potential consequences for breaking them), but also explains why the rules exist. Your AUP should clearly define the systems, devices, communications and information that fall within the policy’s scope. Don’t forget to include often overlooked items such as password requirements, corporate text messaging, voice-mail, storage media, and company software and cloud computing accounts.
Arming yourself with industry-specific security information can help you craft an acceptable use policy that addresses your specific risk factors. Knowing that your industry may be a target can also help you advise and educate your employees accordingly, which can help to lessen the chances of a successful attack.
There are many options to help you discreetly enforce your Acceptable Use Policy, such as restricting access to sensitive information, configuring laptops and desktops to prevent installation of applications, and using content filters and/or firewall rules to block prohibited activities.