Presentation is loading. Please wait.

Presentation is loading. Please wait.

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

Published byBruce Heath Modified over 7 years ago

Similar presentations

Presentation on theme: "Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use."— Presentation transcript:

1 Appendix A: Designing an Acceptable Use Policy

2 Overview Analyzing Risks That Users Introduce Designing Security for Computer Use

3 Lesson 1: Analyzing Risks That Users Introduce What Is an Acceptable Use Policy Why An Acceptable Use Policy Is Important Common Vulnerabilities That Users Introduce

4 An acceptable use policy regulates how users may use a network. It determines: What Is an Acceptable Use Policy? User behavior Computers and applications usage Network resource usage User behavior Computers and applications usage Network resource usage Policy Users Computers Applications Network and Internet Resources

5 Why an Acceptable Use Policy Is Important External Attacker Internal Attacker AttackerThreatExample External User indiscretion An employee leaves her portable computer at home unattended and unlocked. Her child deletes critical files from the corporate network. Internal Unsupported application An employee installs an unauthorized application with known vulnerabilities on a computer that is connected to the corporate network. An attacker exploits the vulnerability to attack the network.

6 Common Vulnerabilities That Users Introduce AreaVulnerabilities Confidential information Public discussion of confidential data Weak passwords Computers and applications Theft or loss of computer Unsupported or unapproved applications Network Personal use of network Misuse of remote access accounts Internet access Personal use of the Internet Exposure of the network to malicious, offensive, or illegal content

7 Lesson 2: Designing Security for Computer Use Process for Designing an Acceptable Use Policy Guidelines for Acceptable Use for Users Guidelines for Acceptable Use of Computers and Applications How to Design Acceptable Use of a Network How to Design Acceptable Use of Internet Access Security Policy Checklist

8 When planning an audit policy, you must: Identify vulnerabilities to that users introduce. Determine how much access to grant users. Create clear and concise acceptable use policies. Gather feedback on proposed policies. Revise policies based on feedback and create detailed procedures before implementing the policies. Identify vulnerabilities to that users introduce. Determine how much access to grant users. Create clear and concise acceptable use policies. Gather feedback on proposed policies. Revise policies based on feedback and create detailed procedures before implementing the policies. 1 1 3 3 4 4 2 2 Process for Designing an Acceptable Use Policy 5 5

9 The following guidelines help create an acceptable use policy: Define how users share and discuss information. Educate users about how to create strong passwords. Limit the use of an account to one individual. Grant local administrator rights only when necessary. Prohibit users from sharing accounts and passwords. Define how users share and discuss information. Educate users about how to create strong passwords. Limit the use of an account to one individual. Grant local administrator rights only when necessary. Prohibit users from sharing accounts and passwords. Guidelines for Acceptable Use for Users

10 Guidelines for Acceptable Use of Computers and Applications ResourceDefine Computers Intended and prohibited use of workstations Authorized operating systems and necessary patches Baseline security measures for workstations Guidelines for physical security of workstations Data that can be stored on workstations Applications Required applications Optional applications Prohibited applications

11 For network resources, define: Computers that can access the network. Rules that determine user access to internal resources. Methods and restrictions to storing data. Use of remote access. Computers that can access the network. Rules that determine user access to internal resources. Methods and restrictions to storing data. Use of remote access. How to Design Acceptable Use of a Network

12 How to Design Acceptable Use of Internet Access Define policies for how users use Internet services, such as: Web browsing E-mail Instant messaging File sharing programs Web browsing E-mail Instant messaging File sharing programs

13 Security Policy Checklist Create policies and procedures for acceptable use of: Computers and applications. Access to the network. Internal network applications and resources. Internet applications and resources. Computers and applications. Access to the network. Internal network applications and resources. Internet applications and resources.

Download ppt "Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Northside I.S.D. Acceptable Use Policy 2009-2010.

Northside I.S.D. Acceptable Use Policy
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.
Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks.
Information Security Policies and Standards

Information Security Policies and Standards
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.

Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.

ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google