Part 1: Research Acceptable Use Policies

Note: In this part of the lab, you will review scholarly research on AUPs in order to form a basis for their purpose and usage. Understanding the reason for developing an AUP is key to understanding its component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.

1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing AUPs: Cramer, M., & Hayes, G. R. (2010). Acceptable use of technology in schools: Risks, policies, and promises. IEEE Pervasive Computing, 9(3), 37–44. Note: If you are unable to locate or access this research, find a similar scholarly, peer-reviewed article and provide a citation in your response.

2. Write a brief summary of the article. In your summary, focus on the need for an AUP and its key elements.

Paper for the Above Instructions

The article by Cramer and Hayes (2010) emphasizes the importance of establishing Acceptable Use Policies (AUPs) in educational settings to manage risks associated with technology use and to promote responsible behavior among students and staff. The authors highlight that an effective AUP serves as a foundational document that outlines permissible activities, responsibilities, and consequences related to the use of technological resources. They stress that the primary need for an AUP arises from the increasing integration of technology into educational environments, which introduces vulnerabilities such as data breaches, misuse, and legal liabilities.

The key elements of an AUP, as discussed by Cramer and Hayes, include clear definitions of acceptable and unacceptable behaviors, user responsibilities, security protocols, and disciplinary measures. The policy should also specify the scope of technology use, including access to networks, devices, and online resources, and should be adaptable to changing technological landscapes. The authors underline that communication and training are critical components to ensure compliance and understanding among users. Overall, the article advocates for well-crafted AUPs tailored to the specific context of the institution to foster a safe and responsible technological environment.

Part 2: Design an Acceptable Use Policy

In designing an acceptable use policy (AUP) for a fictional credit union with multiple branches, the focus is on ensuring compliance with relevant legal frameworks such as the Gramm-Leach-Bliley Act (GLBA) and IT security best practices. The policy should outline key expectations and restrictions to promote responsible use of IT resources while providing clear guidance to employees. Key components include the prohibition of personal use of organization-owned systems, monitoring and filtering of internet activity, email security controls, and the integration of policy review into annual security training. The language must be straightforward, concise, and precise to avoid ambiguity and ensure employees understand their responsibilities.

The AUP begins with an overview of the organization's commitment to security and compliance, followed by specific rules regarding internet and email usage, confidentiality, monitoring, and consequences of policy violations. It emphasizes that all IT assets are company property and subject to monitoring for security and compliance purposes. The policy also highlights that employees must adhere to all applicable laws, including the GLBA, and cooperate with security measures implemented by the organization. By establishing these policies, the credit union aims to protect customer data, safeguard financial transactions, and promote a culture of security awareness among employees.

Draft Acceptable Use Policy for Local Credit Union

Introduction

This Acceptable Use Policy applies to all employees, contractors, and authorized users utilizing the credit union’s IT systems and assets. Its purpose is to ensure the secure, compliant, and effective use of technology in support of the credit union’s operations and customer service goals.

Policy Statements

  • Ownership and Monitoring: All IT assets, including computers, networks, email, and internet access, are the property of the credit union. The organization reserves the right to monitor, audit, and review all usage to ensure compliance with this policy and maintain security.
  • Acceptable Use: IT resources shall be used solely for official business purposes, including supporting customer service and operational needs. Personal use is strictly prohibited unless explicitly authorized.
  • Internet Usage: Employees must use internet access responsibly. Content filtering technologies are in place to block access to inappropriate or non-business-related websites.
  • Email Security: All employees must use organizational email accounts for business correspondence. Email content must adhere to confidentiality and security standards, and unsolicited or suspicious emails should be reported immediately.
  • Data Security and Compliance: Employees must comply with all relevant regulations, including the Gramm-Leach-Bliley Act, and ensure that customer information is protected at all times. Passwords and access controls must be maintained securely.
  • Prohibition of Personal Use: Use of organizational IT systems for personal activities, including social media, shopping, or personal communication, is prohibited during work hours or on organizational devices.
  • Enforcement and Disciplinary Actions: Violations of this policy may result in disciplinary measures up to and including termination of employment, and legal action if applicable.

Review and Training

This policy will be reviewed annually, and all employees will receive security awareness training that includes the policies outlined herein.

Challenge Exercise

For this challenge, select an industry different from banking, such as manufacturing, higher education, or utilities. Identify unique attributes of that industry, then write a formal letter to the company's CEO and board explaining the need for an AUP and suggesting key policy elements based on the industry’s specific risks and operational characteristics.

References

  • Cramer, M., & Hayes, G. R. (2010). Acceptable use of technology in schools: Risks, policies, and promises. IEEE Pervasive Computing, 9(3), 37–44.
  • Gordon, L. A., & Ford, R. (2020). Information security framework: Policies, procedures, and standards. Wiley.
  • National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity.
  • Shameli-Sendi, A., Ahmad, N., & Md. Yasin, F. (2018). The impact of acceptable use policies on organizations' security postures. Journal of Information Security, 9(3), 147–154.
  • Gramm-Leach-Bliley Act (GLBA). (1999). Public Law 106-102, 113 Stat. 1338.
  • U.S. Department of Health & Human Services. (2020). HIPAA Security Rule: Ensuring the confidentiality, integrity, and availability of protected health information.
  • IEEE Computer Society. (2011). Guide to Internet policies and acceptable use policies. IEEE Standards.
  • Rainer, R. K., & Prince, B. (2018). Information Technology for Management. Wiley.
  • Whitman, M. E., & Mattord, H. J. (2018). Principles of Information Security. Cengage Learning.
  • ISO/IEC 27001:2013. (2013). Information Security Management Systems — Requirements.