PEER POST # 1?
Hello class, I hope everyone is doing well this week. Businesses have been giving their employees equipment like phones, pc’s, laptops, and such to use for work. Giving more ways to look into how employees work every day. Some businesses are now allowing their workers to bring their own devices. In these scenarios, they use mobile device management programs to ensure employees do not use the devices to compromise corporate IT systems. Also, they have created standard use policies that govern how and when to use the devices.
Different companies have acceptable use policies. Most acceptable use policies have three components: security, appropriate use, and copyright. With the security component, organizations ensure that users have secure passwords, the network, all its data are secure, and nobody else gains access without permission. The copyright component makes users honor the info they are dealing within the company. They are trusted to make sure the information they are using is protected and used in the right way. Businesses have written agreements that set up the rules for the Internet, social media, and email use. It shows the rules, online behaviors, and punishment that workers will face in case of a violation to the policy. The AUP must include a clause about internet monitoring. Businesses must let their employees know they are being monitored so that employees will make the right decisions and not violate the policies set in place.
Acceptable use policies are not always enough in protecting IT systems and info. Businesses have to include higher level people, like the CIO, security system administrators, and other IT professionals, to make sure the IT system’s decisions focus on reaching the bottom line, information security and assurance. The right business decision should be good information security governance and good information security. It gives resources and pushes for stronger security programs. It creates and implements policies, standards, guidelines, and procedures that help achieve security goals.
PEER POST # 2 ?
How do acceptable use policies govern IT systems in various industries?
Most companies provide its employees with company dedicated equipment such as laptops, smartphones, etc. There are also companies that allow BYOD, however in both cases of Company dedicated or BYOD, companies will use some type of Mobile Device Management (MDM) feature to ensure security from compromises. The MDM provides a platform that will allow the company to some sort of control of the devices, which is normally to securely allow certain access to specific company networks, or if a device is lost or stolen the company can immediately remotely wipe the phone back to its factory settings to preserve any information from being stolen. Acceptable use policies are to create some baselines for several procedures and standards employees must adhere to, thus, to ensure information is secure.
What are important components to include in AUPs?
Different companies have their own acceptable usage policies. Normally most acceptable use policies contain three components like security, appropriate use, and copyright. The security component ensures users use secure credentials, access the network, secure all its data and no access without permissions. Appropriate use normally covers communication. For example, rules for talking and texting. The copyright component requires the users to honor the integrity of the information being used within the company. It outlines rules, online behaviors, and consequences from a policy violation. The AUP must include a clause that describes internet monitoring which informs the users that monitoring applications are implemented as part of the security program.
What additional aspects of governance should organizations consider?
Acceptable use policies are usually not enough to secure systems and information. Companies should involve the users in the higher-level company hierarchy. “Good information security governance must consider information security a business decision. It provides resources and advocates for strong security programs. It also creates and implements policies, standards, guidelines, and procedures that help achieve security goals” Grama, J. L. (2014).
0 comments