Which of the following does an acceptable use policy relate to?

This policy details specific requirements for the use of all computing and network resources at the University of Rochester, including electronic and hardcopy data, information, and information assets.  Information resources and technology at the University of Rochester support the educational, patient care, instructional, research, and administrative activities of the University, and the use of these resources is a privilege that is extended to members of the University of Rochester community.  As a user of these services and facilities, you have access to valuable University resources, to high risk and/or moderate risk information, and to internal and external networks.  Consequently, it is important for you to behave in a responsible, ethical, and legally compliant manner.

In general, acceptable use means ensuring that the information resources and technology of the University are used for their intended purposes while respecting the rights of other computer users, the integrity of the physical facilities, the confidentiality of data, information, and information assets, and all pertinent license and contractual agreements.  If an individual is found to be in violation of the Acceptable Use Policy, the University may take disciplinary action, including restriction of and possible loss of network privileges or more serious consequences, up to and including suspension, termination, or expulsion from the University.  Individuals may also be subject to federal, state, and local laws governing many interactions that occur on the University’s networks and on the Internet.  These policies and laws are subject to change as state and federal laws evolve.

Purpose

This policy applies to all users of computing resources owned or managed by the University of Rochester. Individuals covered by the policy include, but not limited to, University faculty and visiting faculty, physicians, staff, students, alumni, contractors, volunteers, guests or agents of the administration, and external individuals and organizations accessing network services via the University’s computing facilities.

Computing resources include all University-owned, licensed, or managed hardware and software, data, information, information assets, University assigned user accounts, and use of the University network via a physical or wireless connection (including RESNET), regardless of the ownership of the computer or device connected to the network.

These policies apply to technology whether administered in individual departments and divisions or by central administrative departments.  They apply to personally owned computers and devices connected by wire or wireless to the University network, and to off-site computers that connect remotely to the University’s network services.

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID.

An acceptable use policy is an integral part of your information security policy.

An Acceptable Use Policy is an important document that can demonstrate due diligence with regards to the security of your IT network and the protection of sensitive data in the event of a breach or regulatory audit.  This importantly protects the organisation from legal actions.

Sometimes referred to as an Internet Usage and E-mail Policy or Acceptable IT Use policy, an AUP policy provide statements as to what behaviour is acceptable from users that work in or are connected to a network.

Many surveys across the IT / IT Security sector such as SANS Institute and from vendors on the threat landscape help provide additional perspective on why an Acceptable Use Policy is critical for your organization.  Many of these studies reveal an increase in the loss of business data records over the past 3 years.  The most common entry point for threats into a network?  End user actions.

The arguments between productivity, protection and privacy can make mobile device security a difficult topic to address.  Users are now more comfortable blurring the lines between personal and work when it comes to personal mobile devices, not always thinking about the implications.  Most employees do not want to be the cause of a network breach or data loss, yet one in five will do so either through malware or malicious WiFi.  All it takes is one infection on one device to impact both corporate and personal data and networks.

We find many in the life-science / biotech sector either have basic UAP or not one at all.  Depending on the type of data that passes or is stored on your network, and who/what has access to your network – being lax on this, is a recipe for disaster.  An Acceptable Use Policy not enforced with appropriate systems relying on the end user alone to “do the right thing”, affords little protection.

Creating an effective AUP begins by collaborating with relevant stakeholders from human resources, finance, legal, IT, and security.  The questions below can provide a good starting point when creating your policy:

• When is it OK to send information outside the enterprise via e-mail, blogs and message boards, media sharing and instant messages – When is it not?
• What types of information is prohibited in the e-mail system? Personally, Identifiable Information? Payment data? Internal memos? Customer / patient / supplier data?
• What procedures will be necessary to discourage risky behaviour and enforce established policies? Who will be in charge of enforcing them?

As you create your AUP be sure to:

• Have an understanding of what records and data are vital to the survival of your organization and the internal and external forces that can affect them.
• Create policies that consider business assets, processes and employee access to files and data.
• Address employee-generated content, communication channels and connected devices.
• Evaluate security measures (physical and network-related) and potential solutions.
• Monitor and enforce policy via security technology and human oversight.
• Train employees to recognize risks and refrain from insecure behaviours.

A signed copy of the policy should be included in each employee file, backed up with your vital records and included in your business continuity plan.

If you need more info or would like your existing Acceptable Use Policies reviewed, please contact Exigence on 03-9568-5437 or [email protected]

What does an acceptable use policy relate to?

Which of the following best describes an acceptable use policy?

What is an acceptable use policy quizlet?

Which one of the following is a key element of an acceptable use policy?