CIS 462 Acceptable Use Policy

Strayer CIS 462 Security Strategy and Policy, Case Study 1: Acceptable Use Policy, 6 pages, 1123 words, Graded A, Security Policies and Implementation Issues
An Acceptable Use Policy (AUP) is a very important policy within organizations to define acceptable employee behavior when accessing company resources. Additionally, there are also legal implications within AUPs. Use an existing AUP that you are familiar with, such as from a current or previous workplace, or search on the Internet for an example AUP to complete this case study.
Exclusive and Original document Available only on Course Answer
Write a three to five page paper in which you:
1. Describe the purpose of an Acceptable Use Policy you have selected and explain how the AUP helps provide confidentiality, integrity, and availability within the organization.
2. Critique the AUP you selected and provide recommendations for improving the AUP.
3. Explain methods that organizations can implement to help ensure compliance with the AUP, mitigate their risk exposure, and minimize liability. Describe how your selected AUP accomplishes these goals.
4. Describe methods for increasing the awareness of the AUP, and other policies, within the organization.

Download Now
(sent via email)

Discussion 1

From the e-Activity, describe the purpose of CIPA and whom it applies to. Determine why it is important for people attending schools and libraries affected by CIP A to know which schools and libraries must comply with CIP A versus those that do not. The Children’s Internet Protection Act (CIPA) is to protect children from gaining access to obscene or harmful content over the Internet. It states that schools or libraries that receive discounts for Internet access or internal connections that receive discounts through the E-rate program to make communication services and products more affordable must meet certain requirements. Congresses spending clause gives them the authority to enforce requirements for the funding that it gives out. The law only applies to the ones who receive the funding. It would be important for a parent who has a minor attending school or going to the library to know that there are legal requirements for the protection of their children on the Internet from being able to access inappropriate material., but they also may not be able to access some material they might need. If a school or library has to comply with CIP A they all must participate in being educated about proper online use. From thee-Activity, determine some of the legal and technical challenges and issues with the implementation of CIP A. The filtering of the content that a minor can look at is the primary concern. Technical issues could be the filtering technology software, The software companies make the decision on how the product works, not the school or library. Some pages are blocked that shouldn’t be blocked and a lot of times there is not a list of blocked URL’s disclosed. Legal issues would arise if their was unauthorized access or minors were doing unlawful activities online; also if their was unauthorized access to minors person information. If minors were not educated on proper online use it would be a violation of the Protecting of Children in the 21st Century Act.

Discussion 2

Select one of the seven domains of IT responsibility and describe what is encompassed within that domain from a security perspective. Include an explanation of the common security controls implemented within the domain that you selected. I chose to look at the user domain. The user domain refers to any end user acccessing information in any form. In simplest term, that means people, whether it be employees, customers, or partners. The user domain typically consists of several types of policies that focus anything related to users. There are the acceptable use policy, the email policy, the privacy policy, and the system access policies. Each of these policies address and outline expectations and requirements that the organization will abide by and that all users will abide by. Authentication and authorization are particularly important in this domain because it deals with controlling user access and privilege. Even though there are acceptable use policies and other policies that users agree to and abide by, it is still important to have technical controls to back them up as well. That means that users should be able to authenticate and become authorized to a system in some way. Some controls used for this domain would be mandatory training classes for policy awareness, complex password requirements, and issuing badges. Describe the business challenges associated with the domain you selected. Determine the security controls and policies needed to • overcome these challenges. “People” are any organization’s nightmare when it comes to security. Even with all of the technical controls and policies in place, it is very hard to control people, especially those with authorized access. In this domain, I would say that privilege escalation and other internal threats are probably the biggest challenge. Organizations have to trust and allow employees to have access to sensitive information, and even though they do their best to ensure they have respectable employees, people are always capable of anything. In order to counter these types of threats, there should be regular audits performed to make sure that databases and other sensitive areas are in order. Also, it is good to have constant training and awareness programs and reminders to make sure that employees understand their duties and honor them. The textbook mentions handling sensitive information in physical form, which is a good example of how vulnerable an organization is to the user domain. It is much easier to protect against a known threat, but because employees and customers are not the usual threats, it is hard to protect against them. Not to mention that employees can make mistakes. It could be a complete accident that leakes sensitve organization information, but the damage would be the same. Doing all that an organization can do to protect this area is crucial to maintaining a strong security posture.

Close Menu