- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Acceptable Use: Whose Responsibility Is It?
- Abstract
- Responsibility for investigating acceptable computer use violations often falls within the scope of the Information Technology department of an organization, because that is where the technical expertise resides. Either the system administrator or a focused information security response team member becomes the coordinating point of the effort. But is acceptable use really an Information Security policy, or is it a Human Resources policy? Where does the Legal department fit into the equation? This paper focuses on the Information Technology and Information Security ramifications of acceptable computer use policy and attempts to show how responsibility can be shared with the less technical Human Resources and Legal departments. The goals of the policy are to (1) meet productivity goals of the Human Resources department; (2) meet liability concerns of the Legal department; (3) protect the organization's information and technical resources; and (4) meet the security goals of the Information Technology and Information Security departments.