Top risks are users and social engineering
2- Why do organizations have acceptable use policies (AUPs)?
AUPs are very important to any organization. Organizations should have AUPs to:
a- Protect the organization from attack, whether from inside or outside. The organization can do that by preventing employees from downloading any services that are not needed and that may come with threats such as viruses or any other kind of malware.
b- Protect the organization’s assets. For example, the organization should have an AUP that sets out how, where, and when employees can use mobile devices, computers, or any of the organization’s assets.
c- Save bandwidth. For example, the organization has an AUP for using the Internet.
By having good AUPs, organizations can save money and protect themselves against attacks, which can also lead to wasted money.
3- Can Internet use and e-mail use policies be covered in an acceptable use policy?
Yes, it can. When using company resources to access and use the Internet, users must realize they represent the company. Whenever employees state an affiliation to the company, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the company".
4- Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
HIPAA defines security guidelines that enforce the protection of privacy. Specifically, HIPAA protects the privacy of medical records including the transmission of these records.
GLBA requires all banks and financial institutions to implement the financial privacy rule, the safeguard rule, and pretexting protection. Before we create an AUP, we should review all the laws that relate to privacy. Doing so will prevent violating employees’ privacy and, furthermore, will protect the company from prosecution.
5- Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the user domain?