Crafting an Organization-Wide Security Management Policy for Acceptable Use.

I’m working on a Computer Science exercise and need support.

  • What are three risks and threats of the User Domain?
  • Why do organizations have acceptable use policies (AUPs)?
  • Can Internet use and e-mail use policies be covered in an acceptable use policy?
  • Do compliance laws, such as the Health Insurance Portability and Accountability Act (HIPAA) or GLBA, play a role in AUP definition?
  • Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the User Domain?
  • Will the AUP apply to all levels of the organization? Why or why not?
  • When should an AUP be implemented and how?
  • Why would an organization want to align its policies with existing compliance requirements?
  • In which domain of the seven domains of a typical IT infrastructure would an acceptable use policy (AUP) reside? How does an AUP help mitigate the risks commonly found with employees and authorized users of an organization’s IT infrastructure?
  • Why must an organization have an acceptable use policy (AUP) even for nonemployees, such as contractors, consultants, and other third parties?
  • What security controls can be deployed to monitor and mitigate users from accessing external Web sites that could potentially be in violation of an AUP?
  • What security controls can be deployed to monitor and mitigate users from accessing external webmail systems and services (for example, Hotmail®, Gmail™, Yahoo!®, etc.)?
  • Should an organization terminate the employment of an employee if he/she violates an AUP?
