1. What are the top risks and threats from the User Domain? The top risks are users and social engineering.

2. Why do organizations have acceptable use policies (AUPs)? In order to protect the company and to allow legal action to be taken if there is a violation.

3. Can internet use and email use policies be covered in an Acceptable Use Policy? Yes, anything done on work time and on work devices will be covered in an AUP.

4. Do compliance laws such as HIPAA or GLBA play a role in AUP definition? Absolutely, these should be used as a template for the AUP.

5. Why is an acceptable use policy not a failsafe means of mitigating risks and threats within the User Domain? Because you cannot control humans.

6. Will the AUP apply to all levels of the organization? Why or why not? Yes, this will apply to all levels, from the lower level to the executive level. The AUP protects all employees.

7. When should this policy be implemented and how? This policy should be in effect from day 1 of operation and periodically needs to be audited for weaknesses and vulnerabilities.

8. Why does an organization want to align its policies with existing compliance requirements? This way they do not have to do double work keeping up with two policies, and the organization will need to be compliant regardless, so it makes sense to have the same policies.

9. Why is it important to flag any existing standards (hardware, software, configuration, etc.) from an AUP? This way there are no hidden surprises for anyone and everyone will be on the same page when it comes to policies and procedures.

10. Where in the policy definition do you define how to implement this policy within your organization? In the middle of the AUP; this way you can know the expectations before the implementation.

11. Why must an organization have an Acceptable Use Policy (AUP) even for non-employees such as contractors, consultants, and other third parties? Because it makes everyone responsible that works there, regardless of what type of...