There are two parts to any security policy. One deals with preventing external threats to maintain the integrity of the network. The second deals with reducing internal risks by defining appropriate use of network resources.

Addressing external threats is technology-oriented. While there are plenty of technologies available to reduce external network threats -- firewalls, antivirus software, intrusion-detection systems, e-mail filters and others -- these resources are mostly implemented by IT staff and go unnoticed by the user.

However, appropriate use of the network inside a company is a management issue. Implementing an acceptable use policy (AUP), which by definition regulates employee behavior, requires tact and diplomacy.

At the very least, having such a policy can protect you and your company from liability if you can show that any inappropriate activities were undertaken in violation of that policy. More likely, however, a logical and well-defined policy will reduce bandwidth consumption, maximize staff productivity and reduce the prospect of any legal issues in the future.

These 10 points, while certainly not comprehensive, provide a common-sense approach to developing and implementing an AUP that will be fair, clear and enforceable.

The link to this article at ComputerWorld is no longer available.