This policy is designed to establish acceptable and appropriate use of computer and information systems, networks and other information technology resources at XYZ Credit Union. It is meant as an application of the principles of respect and reverence for every person that are the core of XYZ Credit Union Identity.
Purpose / Objective
Explain the concepts of Acceptable Use Policy (AUP) as applied to an IT infrastructure.
- Use of Information Technology Resources
- Technical Restrictions
- Network and Usage Transactions
- E-Mail Management requirements
- Network Management describes Multiple Locations and Internet Access
Use Policies have three primary purposes, one is to ensure compliance with all applicable federal, state and local law, second is to provide protection to all system that support the mission and functions of XYZ Union Bank, and Last was to safeguard and protect all It resources from anything other than authorized and intended use.
Technical and Security Policies needs to include assessments, notification and importance of this Thirteen Policies:
These Procedures were designed to balance five issues: (1) Protecting User’s Privacy; (2) Protecting the System or Network Administrator (SNA) in the performance of his or her job; (3) allowing routine administrative actions that might affect user’s files; (4) providing a mechanism to allow non –routine, non-emergency access to user’s files when it can be justified; and (5) providing guidelines for the occasional need to take immediate action. The ability of an SNA to read a user’s files does not imply that he or she may do so without obtaining the approval by these procedures.
- Routine Operations
- Non-Emergency Situations
- Emergency Situation
Administrative and implementing while respecting confidentiality and privacy, the XYZ Union Bank reserves the right to examine all multiple branches and operated computer systems and electronic/digital resources. The Company takes this step to enforce its policies regarding harassment and the safety of individuals; to prevent unauthorized reproduction or distribution of proprietary software; to safeguard the integrity of computers, networks, and data either; and to protect against seriously damaging consequences. The Company may restrict the use of its computers and network systems for electronic communications when faced with evidence of violation of policies, or federal or local laws and respond to all validly issued legal process, including subpoenas. The Company reserves the right to limit access to its networks through company-owned or other computers, and to remove or limit access to material posted or distributed on computers.
Answer for question 3-6
3. Risks or threats
- Creating, editing or deleting files on a shared network on another user’s file.
- Allows other user to modify client data or obtain sensitive information about product activities by providing access to different domain.
- Obtaining sensitive information by monitoring the network.
- Peer-to-peer trusted library
- It provides support for digital certificates and peer authentication
- IP Spoofing
- It suggested some way to avoid unknown users in monitoring sensitive information
- The article suggest to use random initial sequence numbering for the IP address so that unknown users such as hackers cannot easily get the IP address of the organization
- Health Care
- Must respect intellectual property, ownership of data, social system security mechanisms, and individuals’ right to privacy and freedom on information.
- Higher Education
- It establishes acceptable and appropriate use of information systems, computers and networks inside the school premises.
- U.S. Federal Government
- The information systems will not allow any unauthorized processes and transactions.
Proper analysis of the policy might get the possible risk and threat the information system might encounter on the future. Minimizing user in the information system can lessen any possible threats that may arise in the future. Maximizing policy procedure can protect the information system from any threats coming from unknown users. Proper analysis and risk management can help minimize and avoid risk in the information systems.