IAP301 SE161501 Lab1
Policy Statement
The following policy applies to every individual at ABC Credit Union/Bank:
• A firewall records all network traffic at all times; the traffic log may be viewed only by the administrator.
• Security personnel monitor the machinery, computers, and systems.
• Every individual is responsible for reporting any theft, loss, or illegal use of an ABC Credit asset.
Purpose/Objectives
The purpose of this policy is to define the rules and requirements that apply to ABC
Credit Union/Bank employees. These rules and requirements are designed to
monitor and control use of the Internet and the e-mail system. By implementing
content filtering and e-mail security controls, the organization complies
with GLBA and reduces the security risk to all the IT assets it owns.
Scope
This policy applies to all employees, contractors, and consultants of ABC bank, including
third-party staff.
Standards
• Password policy
• Data protection on computers
• Policy on access to company assets
• Policy on using social networks on company computers
Procedures
Enforce the policy strictly and remind staff to use the specified documents when
implementing it.
Guidelines
All policy infractions must be dealt with in accordance with the guidelines in the
document.
Course Name: IAP301
Student Name: SonLTSE161501
Instructor Name: DinhMH
Lab Due Date: 6/1/2023
Overview
In this lab, "Create an Organization-Wide Security Management Acceptable Use
Policy (AUP)", the student participated in a classroom discussion about what is
considered to be "acceptable use." The weakest link in the seven domains of a
typical IT infrastructure was identified as the User Domain. Given a
scenario, the students created an organization-wide acceptable use policy for ABC
Credit Union/Bank.
Lab Assessment Questions & Answers
1. What are the top risks and threats from the User Domain?
Users and social engineering.
2. Why do organizations have acceptable use policies (AUPs)?
To safeguard the organization and to pursue legal action if a violation occurs.
3. Can internet use and e-mail use policies be covered in an Acceptable Use
Policy?
Yes, an AUP will apply to everything done on work time and using work
equipment.
4. Do compliance laws such as HIPPA or GLBA play a role in AUP definition?
Absolutely, this should be used as a template for the AUP.
5. Why is an acceptable use policy not a failsafe means of mitigating risks and
threats within the User Domain?
Because humans are fallible and we are powerless to stop them.
6. Will the AUP apply to all levels of the organization, why or why not?
Yes, the AUP should be applied to all levels, since it will protect employees,
reduce risk, and cover the company.
7. When should this policy be implemented and how?
This policy should be put into effect on one day by explaining it to the employee
or holding the firm.
8. Why does an organization want to align its policies with the existing compliance
requirements?
It is logical to have the same policies since the organization will need to comply
with the law.
9. Why is it important to flag any existing standards (hardware, software,
configuration, etc.) from an AUP?
This will guarantee that everyone will understand the regulations and procedures.
10. Where in the policy definition do you define how to implement this policy
within your organizations?
In the middle of the AUP.
11. Why must an organization have an Acceptable Use Policy (AUP) even for
non-employees such as contractors, consultants, and other 3rd parties?
Because it forces all workers, regardless of their status, to assume responsibility
for their work.
12. What security controls can be deployed to monitor and mitigate users from
accessing external websites that are potentially in violation of an AUP?
Use a firewall or Websense to block specific sites and specific keywords.
13. What security controls can be deployed to monitor and mitigate users from
accessing external webmail systems and services (i.e., Hotmail, Gmail, Yahoo,
etc.)?
Use a firewall to check it.
14. What security controls can be deployed to monitor and mitigate users from
embedding privacy data in e-mail messages and/or attaching documents that may
contain privacy data?
Use the mail server to filter.
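The two controls named in questions 12 and 14 (a web filter that blocks listed sites and keywords, and a mail-server filter that stops privacy data leaving in messages or attachments) can be shown as a single policy-decision function set. The code below is an added illustration, not part of the lab submission and not Websense or any real product's logic; the deny-listed domains, keywords, and the sample request and e-mail are constructed, and the SSN and card-number patterns are simplified examples of the kind of rule a data-loss-prevention filter would apply.

```python
import re
from urllib.parse import urlparse

# Constructed deny-lists standing in for the categories a firewall or web
# filter would enforce. The ".test" domains are reserved placeholders.
BLOCKED_DOMAINS = {"example-gambling.test", "example-webmail.test"}
BLOCKED_KEYWORDS = {"casino", "torrent"}


def web_request_decision(url: str) -> tuple[str, str]:
    """Return ("block" | "allow", reason) for one outbound web request."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # Match the listed domain itself and any subdomain of it.
    for domain in BLOCKED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "block", f"domain {domain} is on the deny-list"
    # Keyword rules apply to the host name and to the path/query.
    path_and_query = (parsed.path + "?" + parsed.query).lower()
    for kw in BLOCKED_KEYWORDS:
        if kw in host or kw in path_and_query:
            return "block", f"keyword '{kw}' matched"
    return "allow", "no policy match"


# Simplified privacy-data patterns (assumed examples, not a complete DLP ruleset).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# 13 to 16 digits, optionally separated by spaces or dashes, not inside a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,16}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; used so that random digit runs are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_privacy_data(text: str) -> list[str]:
    """Return the kinds of privacy data found in text ("ssn", "card")."""
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            findings.append("card")
            break
    return findings


def email_decision(subject: str, body: str, attachments: dict[str, str]) -> tuple[str, list[str]]:
    """Scan subject, body and extracted attachment text; quarantine on any hit.

    attachments maps a file name to its already-extracted text content.
    """
    parts = [("subject", subject), ("body", body)]
    parts += [(f"attachment:{name}", text) for name, text in attachments.items()]
    hits = [f"{kind} in {label}" for label, text in parts for kind in find_privacy_data(text)]
    return ("quarantine" if hits else "deliver"), hits


if __name__ == "__main__":
    # Constructed sample traffic and mail for a quick demonstration.
    print(web_request_decision("https://www.example-gambling.test/home"))
    print(web_request_decision("https://news.example.test/casino-review"))
    print(email_decision("Q1 report", "see attached",
                         {"accounts.csv": "name,card\nA,4111 1111 1111 1111"}))
```

The web check returns a reason string so that a blocked request can be logged with the rule that fired, which is what an administrator reviewing the firewall log (the only person allowed to view it under this policy) would need. The mail check quarantines rather than silently dropping, so a false positive can be released after review.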
15. Should an organization terminate the employment of an employee if he/she
violates an AUP?
Depending on how many times he or she violates it.