james fox shane stuart danny deselle matt baldwin acceptable use policies
Post on 17-Jan-2018
James Fox, Shane Stuart, Danny Deselle, Matt Baldwin
Acceptable Use Policies
Concept Map
LaStreichmoor’s Questions
1. What kind of content is required in the AUP for our specific industry?
2. Is an AUP necessary in our industry?
3. What are the repercussions of not having one?
4. How will the implementation of an AUP benefit LaStreichmoor Inc.?
Acceptable Use Policies
• Set of rules applied by network and website owners.
• Integral to information security.
• Restrict the ways in which the network or web-site may be used.
• To protect Company's networks and equipment.
• To reduce the Unsolicited Commercial Email ("Spam") that is flooding Company's mail server.
• To protect Company and its employees from activities that might expose them or Company to legal action.
Example.
Acceptable Use Policies: Elements
• A preamble: Explains why the policy is needed.
• A definition section: Defines key words used in the policy.
• A policy statement: Must tell what computer services are covered by the AUP and the circumstances under which employee/customer can use computer services.
Acceptable Use Policies: Elements Cont.
• An acceptable uses section: Must define appropriate employee/customer use of the computer network.
• An unacceptable uses section: The AUP should give clear, specific examples of what constitutes unacceptable employee/customer use.
• A violations/sanctions section: Should tell employee/customer how to report violations of the policy or whom to question about its application.
Acceptable Use Policies: Specific to Banking
• Security: Strict security procedures are needed in the storage and disclosure of personal information. When personal information is requested on-line, it should be ensured that the user's browser encrypts it.
• Cookies: There should be a statement about cookies. A 'cookie' is information that a website stores on your computer so that it can remember something about you at a later time. Cookies are commonly used on the Internet and do not harm your system.
• Application Information: When a user applies for a product or service on the LaStreichmoor’s Bank website, there should be a statement concerning the request for personal information that is needed to process your application. The information that is provided should only be used for the purposes described at the time of your application and, where applicable, in the Terms and Conditions that apply to the relevant product or service.
Acceptable Use Policies: Specific to Banking Cont.
• Digital Banking: There should be banking instructions concerning the use of secure Digital Banking services for access to the user's account.
About LaStreichmoor Inc.
• Online banking resource
• Most of customers in US, but expanding globally
• Worried about the security of their customers
• To this point they do not have an AUP
• Looking to find out if an AUP
Reasons for an AUP in banking?
• To protect customers
• To protect themselves
• Way to control storage of personal information
• Control employee contact with valuable information
• Help control application information
AUP Example
• The Royal Bank of Scotland
• Protecting customers' privacy
Components of RBS AUP
• Security
• Ensure browser encrypts personal information
• “Secure Sockets Layer”
• Cookies
• Information a website stores about you
• Contains cookies that hold no valuable information about you
• Used in variety of ways
• Application information
• Information provided only used for purpose stated
• Digital banking instructions
• All information is confidential after you are “logged in”
• Information used for your instructions only
Is an AUP necessary in banking?
• Not necessary, but preferred!
• Banks deal with valuable information
• Must control use and storage of information
• Customers feel more comfortable with an AUP
• To be a trusted bank you need an AUP!
AUP Guidelines
A strong AUP gives strict behavioral guidelines within a company for:
• Employees: What behavior is allowed, both professionally and in a personal sense
• Customers: Whether the company is a safe bet to do business with, and what their stance is on customer security
Also gives managers a way of enforcing ethical and behavioral violations
Ramifications of no AUP
• No way of enforcing rule or law violations
• No real guidelines or ground rules there to follow in the first place
• No protection for private, sensitive customer information
• Third party or criminal infringement an issue
• Responsibility for online behavior is not established
Very important issues in banking!
Example: Comcast
Comcast Shuts Down Users
In August of 2007, Comcast began hearing complaints from customers who were unexpectedly being disconnected or suspended from downloading
Comcast reported that they had a bandwidth limit, and customers that continuously exceeded the bandwidth limit were suspended for up to a year
The company would send a warning to the customer to cut back on the amount of downloading
Unfortunately, the phantom limit was not stated in Comcast’s AUP, leaving them open to lawsuits from customers
LaStreichmoor’s AUP Statement
The AUP policy should:
• Protect company resources
• Limit liability outside of what is expressed in the AUP
• Establish a strong code of conduct for customers and employees
• Make sure customers are well informed of the best way to ensure their own protection
• Take measures to protect against third party invasion
• Be updated consistently to keep up with current standards
Benefits of AUP
Customer Security:
• Assures the customer that their cookies will not contain confidential information
• Lets the customer know their information will be secure and what methods of encryption will be used
• Allows the customer to feel confident when conducting banking online with the company
Benefits of AUP
Reduce the likelihood of legal liability:
• Ensures the customer knows the risks involved with online banking and is forced to accept them as terms of using the service
• Makes the customer agree to safe procedures in case there is a problem with confidentiality
Our Recommendations
• LaStreichmoor should implement an AUP
• Follow model put forth by other banks
• AUP will ease the minds of customers
• Will make their bank more trustworthy
• Also will help take preventative measures against identity theft
• Keep AUP consistently updated
Sources
http://en.wikipedia.org/wiki/Acceptable_Use_Policy
http://www.education-world.com/a_curr/curr093.shtml
http://www.rbs.co.uk/corporate/electronic-services/g3/secure-messaging/aup.ashx