An Acceptable Use Policy (AUP)
Put simply, an Acceptable Use Policy (AUP) is a document that sets out the rules to be followed by the users or customers of a set of existing computing resources, which may be a website, a computer network or even a large computer system (Doherty, 2011, pg. 209). The AUP guides the user on what is acceptable and what is not acceptable in handling these resources. AUPs apply in organizations that deploy networks for internal use, such as schools, universities, and commercial corporations.
One well-known example of an Acceptable Use Policy is the Electronic Resource Acceptable Use Policy used at Amherst College. Amherst College is among the most proactive colleges in the United States in adopting technological advances among its students, faculty, and staff. The college fully supports intensive information-technology development, even among the members of the community (Flowers & Rakes, 2000, pg. 365). The primary objective behind the implementation of this policy is to supplement the existing set of standards with a clear description of the exclusive rights and responsibilities of users that are attached to the use of the college's E-resources.
At Amherst College, it is the role of the entire community to ensure the availability of high-quality E-resources that will benefit the College and all its constituents. To ensure integrity, the policy provides all persons with easy access to the resources, without any limitation on the basis of being faculty, alumni, staff or students. The constituent colleges that benefit from this policy include Smith College, Hampshire College, University of Massachusetts Amherst, and Mount Holyoke College. These colleges use this Acceptable Use Policy in the communication, creation, processing, storage, distribution, and disposal of critical information, with a central control point at the main Amherst college. To ensure confidentiality, the college uses this main point at the college headquarters to make sure that all the information remains under central control across the users and the entire college's constituents.
Even though the Electronic Resources Acceptable Use Policy at Amherst College has gained popularity among the users, the college has an explicit access path to the College Electronic Resources without any limitation. Although this approach is well intended and ensures availability of the resources to the users, removing the barriers of access to the information arguably makes it accessible to hackers. This may raise alarm among the users, with some users feeling unsafe where very confidential information is involved.
For any Acceptable Use Policy to work effectively, compliance measures must be put in place. Such platforms as COSO and ISO require effective data center operation control measures and effective transaction management approaches. ISACA's COBIT involves power supply measures that should remain strictly uninterruptible and a comprehensive Management Facilities section. In any case, an effective Acceptable Use Policy requires continuity and contingency plans and management.
The institution ensures compliance through the implementation of a general rule and the involvement of a team of knowledgeable, prequalified internal auditors, who should report to a different member of the board. The internal auditors should carry out tests to ensure that the plans and processes meet the outlined compliance requirements. Other measures that have been put in place to ensure compliance include maintaining, testing and reassessing a business continuity plan that will ensure the business operations are followed to the letter. Integrity and availability are the primary properties that every Acceptable Use Policy works towards safeguarding.
The continuity of any business operation requires a critical risk mitigation approach or business impact assessment, a measure which will help identify the sensitive recovery objectives for all the critical systems of the organization. The risks to which any organization might be vulnerable may come in different dimensions, and the management should have a concise approach for identifying the continuity-related risks that may arise over time. The standards, legislative measures, and directives that govern a particular organization should fit positively into the financial aspects of all the areas of the organization.
The risk mitigation procedures address the various kinds of risks to the continuity of the organization and streamline the methods that the risk management team should abide by. The organization should operate effectively with appropriate locations in place, and appropriate mechanisms that will help reduce the effects of system failures or damage that may result from issues such as fire outbreaks and terrorist attacks, to mention a few. Uninterruptible power supply facilities and measures also contribute directly to risk assessment in the management of the acceptable use policy.
To be precise, there are various critical prevention mechanisms that the organization should put in place to avoid or systematically reduce the effects of any system failure or damage. An effective system policy is one that ensures there are appropriate security measures such as security staff, closed-circuit TV cameras, physical security mechanisms, receptionists, security fences, and building design (Perks, 1997, pg. 148). The risk assessment area of any business unit that aims at achieving continuity should always be tested by qualified internal auditors, who should obtain a copy of the risk assessment documentation and ensure it complies with all the procedures of the Acceptable Use Policy in place.
Information system security policy applies to a specific domain or outlined set of computers in a given constitution. Amherst College has heeded the controller security policy, which helps the organization to involve several users concurrently. An effective information system security policy is one that is all-inclusive and can be accessed by an unlimited number of users, provided the appropriate security measures are put in place.
In conclusion, awareness of the Acceptable Use Policy works well if the awareness measures are put in place in a timely and cost-effective manner. Microsoft Operating Systems (OS) and other operating systems are among the appropriate and affordable measures that can be used to ensure the awareness is put in place (Wu, 2010, pg. 198). The users are given a platform to control security measures such as changing the password policy, the account lock policy and other domain security measures and approaches. In other cases, the users may opt to use advanced control measures that will customize the domain security measures and policies.
References
Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy. International Journal of Information Management, 31(3), 201-209.
Flowers, B. F., & Rakes, G. C. (2000). Analyses of Acceptable Use Policies Regarding the Internet in Selected K–12 Schools. Journal of Research on Computing in Education, 32(3), 351-365.
Perks, D. J., Gavitt, D. R., & Olivo, J. J. (1997). Do you have an internet acceptable use policy? Computers & Education, 29(4), 147-151.
Wu, H. C., Chou, C., Ke, H. R., & Wang, M. H. (2010). College students’ misunderstandings about copyright laws for digital library resources. The Electronic Library, 28(2), 197-209.