Lab 1 IAP301

This document provides instructions for students to complete a lab assignment to create an organization-wide acceptable use policy (AUP) for a mock organization. The AUP is to define the scope and standards for appropriate internet, email, and device use within the organization in order to comply with relevant privacy laws and security best practices.

Uploaded by trungvdhe172721

IAP301 - Lab 1

Lab #1: Craft an Organization-Wide Security Management Policy for Acceptable Use

INSTRUCTOR: Hoang Tuan Anh

Learning Objectives and Outcomes

Upon completing this lab, students will be able to complete the following tasks:

● Define the scope of an acceptable use policy as it relates to the User Domain
● Identify the key elements of acceptable use within an organization as part of an overall security management framework
● Align an acceptable use policy with the organization’s goals for compliance
● Mitigate the common risks and threats caused by users within the User Domain with the implementation of an acceptable use policy (AUP)
● Draft an acceptable use policy (AUP) in accordance with the policy framework definition, incorporating a policy statement, standards, procedures, and guidelines

Students are required to perform the following steps:

1. Log on to your classroom.
2. Discuss the risks and threats within the User Domain.
3. Discuss what organizations can do to mitigate the risks and threats identified within the User Domain. Explore issues related to the following circumstances:
a. User apathy towards policies
b. User inserts a CD or USB hard drive into the organization’s workstation
c. User downloads music, video, or other hidden malicious software or code
d. User loses productivity by surfing the web
e. User destruction or deletion of sensitive files and data
f. Disgruntled employee
g. Office romance “gone bad”
h. Employee blackmail or extortion
4. Open your web browser, and go to the following web sites:
a. https://www.facebook.com/legal/FB_Work_AUP
b. https://www.paypal.com/us/legalhub/acceptableuse-full
5. Review the key elements and scope of these sample acceptable use policies.
6. Discuss how a risk can be mitigated within the User Domain with an acceptable use policy (AUP).

Lab #1 – Organization-Wide Security Management AUP Worksheet

Course Name: _____________________________________________________________

Student Name: _____________________________________________________________

Lab Due Date: _____________________________________________________________

Overview

In this lab, you are to create an organization-wide acceptable use policy (AUP) that follows a recent compliance law for a mock organization. Here is your scenario:

● Regional ABC Credit union/bank with multiple branches and locations throughout the region
● Online banking and use of the Internet are a strength of your bank given its limited human resources
● The customer service department is the most critical business function/operation for the organization
● The organization wants to be in compliance with GLBA and IT security best practices regarding its employees
● The organization wants to monitor and control use of the Internet by implementing content filtering
● The organization wants to eliminate personal use of organization-owned IT assets and systems
● The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls
● The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into an annual security awareness training

Instructions

Using Microsoft Word, create an Acceptable Use Policy for ABC Credit union/bank according to the following policy template:

ABC Credit Union

Policy Name
Policy Statement

{Insert policy verbiage here}

Purpose/Objectives

{Insert purpose of the policy as well as the objectives – bulleted list of the policy definition}

Scope

{Define this policy’s scope and whom it covers.

Which of the seven domains of a typical IT infrastructure are impacted?

What elements or IT assets or organization-owned assets are within the scope of this policy?}

Standards

{Does this policy point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.}

Procedures

{In this section, explain how you intend to implement this policy throughout this organization.}

Guidelines

{In this section, explain any roadblocks or implementation issues that you must overcome and how you will overcome them per the defined policy guidelines.}

Note: Your policy document should be no more than 3 pages long.

Lab Assessment Questions & Answers

1. What are the top risks and threats from the User Domain?
2. Why do organizations have acceptable use policies (AUPs)?
3. Can Internet use and e-mail use policies be covered in an Acceptable Use Policy?
4. Do compliance laws such as HIPAA or GLBA play a role in AUP definition?
5. Why is an acceptable use policy not a failsafe means of mitigating risks and threats within the User Domain?
6. Will the AUP apply to all levels of the organization? Why or why not?
7. When should this policy be implemented, and how?
8. Why does an organization want to align its policies with the existing compliance requirements?
9. Why is it important to flag any existing standards (hardware, software, configuration, etc.) from an AUP?
10. Where in the policy definition do you define how to implement this policy within your organization?
