Be sure to post an initial, substantive response by Thursday at 11:59 p.m. MST a

Be sure to post an initial, substantive response by Thursday at 11:59 p.m. MST and respond to 2 or more peers with substantive responses by Sunday at 11:59 p.m. MST. Be sure you write a substantive initial post, answer the question presented completely and/or ask a thoughtful question pertaining to the topic. Also ensure your substantive peer responses has a thoughtful question pertaining to the topic and/or has answers to a question (in detail) posted by another student or the instructor.
Response 1
Many of the companies I worked for utilized some form of an acceptable use policy (AUP). Many of the acceptable use polices contained varying levels of restrictions but most of the restrictions revolved around access to the internet. Typical restrictions included not visiting certain sites or using the company’s systems for personal use. Another one I see in AUPs identifies that anything on the company’s network is subject to monitoring and that I am guaranteed no expectation of privacy while using the company’s systems. This also includes personal devices that connect to the company’s email servers, to access email on my personal device. The policy does state that if I request to use a personal device on the company’s network my device then becomes subject to monitoring and forced security updates. I also found a different AUP depending on the job role. For example, since I have more access to the system, I am required to ensure, to the best of my abilities, that I don’t leak personal information about employees. The AUP also states that any software program must require approval before downloading to the system and that any attempt to circumvent the process will result in the loss of access to the network. From what I have seen my current employer uses kind of a standard AUP with amendments depending on the job role.
I never worked for a company that didn’t have any AUP for information technology. At a basic level, the companies always had some form saying that an employee couldn’t visit certain websites or use the internet inappropriately. These companies were typically small. The larger companies that I worked for almost always had a more in-depth or robust AUP that went into greater detail about the different polices. Like I mentioned, the company I work for now uses amendments for different job roles, due to different levels of access. Companies that have no AUP are asking for legal trouble because Whitman and Mattord (2019) state that AUPs don’t just meet legal requirements that are necessary to protect the organization and the jobs of the employees. Having no AUP just sounds like a company asking for legal trouble.
Response 2
Acceptable Use Policies (AUP) are usually given to the employees during the onboarding process are expected to be strictly followed by the employees. Given below are just a few of the general AUPs that are applicable to any organization including mine. Although the policies are security focused, these are written with the guidance of lawyers and can be used in a court of law, if the need arises. * Company Property: All Company Information Systems purchased, leased, rented or licensed using Company funds are Company’s property and should be treated as such by users. In addition, Company’s Information Systems are valuable assets, and the unauthorized use, alteration, or disclosure of these Company assets is a computer-related crime, punishable by law.
* Limitations on Use: Users of Company’s Information Systems shall use such systems only for legitimate Company-related purposes, and the personal use of these resources (except Incidental Personal Use as noted below), or for any commercial purposes is prohibited. Without limiting the foregoing, users shall not use Company’s Information Systems to solicit or proselytize for any commercial ventures, religious or political causes, or charitable organizations. Company reserves the right to limit personal privacy rights in the use of these resources. Users shall use Company’s Information Systems in a productive, professional, effective, ethical and lawful manner. * Incidental Personal Use: Users of Company’s Information Systems shall limit the time spent on personal calls, personal browsing of the Internet, and personal email through any such system to incidental use that shall not materially affect the system status, the material cost of the system, or interfere with the performance of their duties to the Company.
* Access Limitations: Users may not access Company computing and communication resources without appropriate authorization, and then only for the purposes for which such access is authorized. The Information Owner or the administrator of these resources shall approve a user’s access to Company’s Information Systems. Any attempt to access, or to assist in the access of Company’s Information Systems, through any unauthorized means is a violation of this Policy and may be subject to disciplinary action and/or criminal penalties.
* Data Protection: Users shall assure and protect the availability, confidentiality and integrity of any data stored on or transmitted through Company’s Information Systems, taking particular care with any financial data or any personally identifiable information (PII) relating to customers using security measures consistent with this Policy.
Note that the CIA Triad is also included of the AUPs. Inappropriate systems use arise once in a while and result usually in warnings to the first-time offenders. One such example was when a contractor accessed a system using another contractor’s credentials due to delays in setup of his own credentials. Both users and their management were given warnings and advised such behavior was not acceptable.