Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)
      9  5.4  Policy and Procedures
           9  5.4.1  Security Policy

Previous Topic/Section
5.4.1  Security Policy
Previous Page
Pages in Current Topic/Section
Next Page  Due Care
Next Topic/Section  Acceptable Use

There is no single template that applies to all for Acceptable Use Policy. The Electronic Freedom Foundation has a large repository that serves as a guideline by individual industries430, as noted in the general FAQ from the site.

General guidelines include:

As much as possible use existing legislation and law enforcement mechanisms rather than creating your own.

  • Cite statutes or ordinances based upon which the authority to make this policy is based.

  • Make policies reasonable and narrow.

  • Have legal counsel check policy.

  • “Common sense, reason and sensitivity should be used to resolve issues in a constructive and positive manner without escalation.”

  • Train staff. Include empathy training.

  • Consider any policy that the limits access carefully.

  • Provide a clear description of the behavior that is prohibited so that a reasonably intelligent person will have fair warning.

Policies should be clear on a number of specific topics. Examples include:

  • Responsibility of users to protect the data they are using.

  • Modifying database entries.

  • Providing passwords or sharing user accounts with other workers.

  • Copying software.

  • Installing software or hardware.

  • Policies regarding email and web access.

  • Password requirements including how often they must be changed.

  • Remote access capabilities.

  • Auditing of computer accounts.

AUP Should Be Signed By All Employees

As with any legal document or contract, each employee should sign a copy of the AUP, signifying that he has read the document and agrees to the terms outlined in it. This makes it more difficult for the employee to claim ignorance of the policy at a later date.



Previous Topic/Section
5.4.1  Security Policy
Previous Page
Pages in Current Topic/Section
Next Page  Due Care
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.