Security Policy

In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living document", meaning that the document is never finished, but is continuously updated as technology and employee requirements change. Our security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made.

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. 

Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID.

When you sign up with an Internet service provider (ISP), you will usually be presented with an AUP, which states that you agree to adhere to stipulations such as:

• Not using the service as part of violating any law
• Not attempting to break the security of any computer network or user
• Not posting commercial messages to Usenet groups without prior permission
• Not attempting to send junk e-mail or spam to anyone who doesn't want to receive it
• Not attempting to mail bomb a site with mass amounts of e-mail in order to flood their server

Users also typically agree to report any attempt to break into their accounts.