Organization-Wide Security Management Policy
- What are three risks and threats of the User Domain?
- Why do organizations have acceptable use policies (AUPs)?
- Can Internet use and e-mail use policies be covered in an acceptable use policy?
- Do compliance laws, such as the Health Insurance Portability and Accountability Act (HIPAA) or GLBA, play a role in AUP definition?
- Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the User Domain?
- Will the AUP apply to all levels of the organization? Why or why not?
- When should an AUP be implemented and how?
- Why would an organization want to align its policies with existing compliance requirements?
- In which domain of the seven domains of a typical IT infrastructure would an acceptable use policy (AUP) reside? How does an AUP help mitigate the risks commonly found with employees and authorized users of an organization’s IT infrastructure?
- Why must an organization have an acceptable use policy (AUP) even for nonemployees, such as contractors, consultants, and other third parties?
- What security controls can be deployed to monitor and mitigate users from accessing external Web sites that could potentially be in violation of an AUP?
- What security controls can be deployed to monitor and mitigate users from accessing external webmail systems and services (for example, Hotmail®, GmailTM, Yahoo!®, etc.)?
- Should an organization terminate the employment of an employee if he/she violates an AUP?
Chapter 1 discussed the history of the vertically integrated corporate Chapter... Suppose the benefit and cost structure of a firm is: B(Q) = 100 Q – 2 Q 2...
Scroll to top
