James Fox Shane Stuart Danny Deselle Matt Baldwin Acceptable Use Policies.

Concept Map

LaStreichmoor’s Questions
1. What kind of content is required in the AUP for our specific industry?
2. Is an AUP necessary in our industry?
3. What are the repercussions of not having one?
4. How will the implementation of an AUP benefit LaStreichmoor Inc.?

Acceptable Use Policies
• Set of rules applied by network and website owners.
• Integral to information security.
• Restrict the ways in which the network or website may be used.
• To protect the Company's networks and equipment.
• To reduce the unsolicited commercial "spam" that is flooding the Company's mail server.
• To protect the Company and its employees from activities that might expose them or the Company to legal action.
• Example.

Acceptable Use Policies Elements
• A preamble
  • Explains why the policy is needed.
• A definition section
  • Defines key words used in the policy.
• A policy statement
  • Must tell what computer services are covered by the AUP and the circumstances under which an employee/customer can use computer services.

Acceptable Use Policies Elements Cont.
• An acceptable uses section
  • Must define appropriate employee/customer use of the computer network.
• An unacceptable uses section
  • The AUP should give clear, specific examples of what constitutes unacceptable employee/customer use.
• A violations/sanctions section
  • Should tell the employee/customer how to report violations of the policy or whom to question about its application.

Acceptable Use Policies Specific to Banking
• Security
  • Strict security procedures are needed in the storage and disclosure of personal information. When personal information is requested online, it should be ensured that the user's browser encrypts it.
• Cookies
  • There should be a statement about cookies: information that a website stores on your computer so that it can remember something about you at a later time. Cookies are commonly used on the Internet and do not harm your system.
• Application Information
  • When a user applies for a product or service on LaStreichmoor’s Bank website, there should be a statement concerning the request for personal information that is needed to process your application. The information that is provided should only be used for the purposes described at the time of your application and, where applicable, in the Terms and Conditions that apply to the relevant product or service.

Acceptable Use Policies Specific to Banking Cont.
• Digital Banking
  • There should be banking instructions concerning the use of secure Digital Banking services for access to the user's account.

About LaStreichmoor Inc.
• Online banking resource
• Most customers in the US, but expanding globally
• Worried about the security of their customers
• To this point they do not have an AUP
• Looking to find out if an AUP

Reasons for an AUP in banking?
• To protect customers
• To protect themselves
• Way to control storage of personal information
• Control employee contact with valuable information
• Help control application information

AUP Example
• The Royal Bank of Scotland
• Protecting customers' privacy

Components of RBS AUP
• Security
  • Ensure browser encrypts personal information
  • “Secure Sockets Layer”
• Cookies
  • Information a website stores about you
  • Contains cookies that hold no valuable information about you
  • Used in a variety of ways
• Application information
  • Information provided only used for purpose stated
• Digital banking instructions
  • All information is confidential after you are “logged in”
  • Information used for your instructions only

Is an AUP necessary in banking?
• Not necessary, but preferred!
• Banks deal with valuable information
• Must control use and storage of information
• Customers feel more comfortable with an AUP
• To be a trusted bank you need an AUP!

AUP Guidelines
A strong AUP gives strict behavioral guidelines within a company for:
• Employees
  • What behavior is allowed, both professionally and in a personal sense
• Customers
  • Whether the company is a safe bet to do business with, and what its stance is on customer security
Also gives managers a way to enforce against ethical and behavioral violations

Ramifications of no AUP
• No way of enforcing rule or law violations
• No real guidelines or ground rules there to follow in the first place
• No protection for private, sensitive customer information
• Third party or criminal infringement an issue
• Responsibility for online behavior is not established
Very important issues in banking!

Example: Comcast
• Comcast Shuts Down Users
• In August of 2007, Comcast began hearing complaints from customers who were unexpectedly being disconnected or suspended from downloading
• Comcast reported that they had a bandwidth limit, and customers that continuously exceeded the bandwidth limit were suspended for up to a year
• The company would send a warning to the customer to cut back on the amount of downloading
• Unfortunately, the phantom limit was not stated in Comcast’s AUP, leaving them open to lawsuits from customers

LaStreichmoor’s AUP Statement
The AUP should:
• Protect company resources
• Limit liability outside of what is expressed in the AUP
• Establish a strong code of conduct for customers and employees
• Make sure customers are well informed of the best way to ensure their own protection
• Take measures to prevent third-party invasion
• Be updated consistently to keep up with current standards

Benefits of AUP
• Customer Security:
  • Ensures the customer that their cookies will not contain confidential information
  • Lets the customer know their information will be secure and what methods of encryption will be used
  • Allows the customer to feel confident when conducting banking online with the company.

Benefits of AUP
• Reduce the likelihood of legal liability
  • Ensures the customer knows the risks involved with online banking and is forced to accept them as terms of using the service
  • Makes the customer agree to safe procedures in case there is a problem with confidentiality

Our Recommendations
• LaStreichmoor should implement an AUP
• Follow the model put forth by other banks
• AUP will ease the minds of customers
• Will make their bank more trustworthy
• Will also help take preventative measures against identity theft
• Keep AUP consistently updated
