Part 1: Research Acceptable Use Policies
Note: In this part of the lab, you will review scholarly research on AUPs in order to form a basis for their purpose and usage. Understanding the reason for developing an AUP is key to understanding its component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.
1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing AUPs:
Cramer, M., & Hayes, G. R. (2010). Acceptable use of technology in schools: Risks, policies, and promises. IEEE Pervasive Computing, 9(3), 37–44. https://doi.org/10.1109/MPRV.2010.42
Note: If you are unable to locate or access this research, find a similar scholarly, peer-reviewed article and provide a citation in your response.
2. Write a brief summary of the article. In your summary, focus on the need for an AUP and its key elements.
Part 2: Design an Acceptable Use Policy
Note: In this part of the lab, you will use what you learned from your research to design your own acceptable use policy.
1. Review the example of an AUP on the SANS site: https://www.sans.org/reading-room/whitepapers/policyissues/acceptable-policy-document-369.
Note: While you evaluate the document, notice the following items:
- The policy mentions positions rather than specific names.
- The policy provides an overview of the topic but does not provide specifics on how a task will be completed. This point is the difference between a policy and a procedure.
- The policy provides references to other policies or resources that were used to create it.
Keep this example in mind as you prepare for the next steps.
2. Consider the following fictional organization, which needs an acceptable use policy (AUP):
- The organization is a local credit union with several branches and locations throughout the region.
- A major focus for the organization is online banking.
- The organization’s most critical business function is its customer service department.
- The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
- The organization wants to monitor and control use of the internet by implementing content filtering.
- The organization wants to eliminate personal use of organization-owned IT assets and systems.
- The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
- The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
Note: The best style for writing IT policy is straightforward and easy to understand. Avoid unnecessary wording and phrasing that could be understood in more than one way. Write in concise, direct language.
3. Design an AUP for this fictional credit union, using the online example of the AUP as a template. Your policy does not need to be exhaustive, but it should outline the key components of an AUP and provide policy statements that address the above requirements. You may want to create your policy using word processing software on your local computer and then copy and paste the text into the deliverable field.
Challenge Exercise
Note: The following exercise is provided to allow independent, unguided work using the skills you learned earlier in this lab – similar to what you would encounter in a real-world situation.
For this portion of the lab, you will utilize the AUP that you designed in Part 2. This exercise is designed to challenge your creativity by withholding the industry guidelines and clues that were provided in Part 2.
Select an industry other than banking. For example, you could choose manufacturing, higher education, or utilities.
Create a list of unique attributes of the business in your chosen industry.
Instead of creating an AUP, write a formal letter to the company’s CEO and board to explain the need for an AUP and your suggestions on the content of that policy.