Get immersion-style cyber security training from industry experts in Philadelphia. Save $150 thru 2/26!

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Acceptable Use

Featuring 6 Papers as of October 26, 2015

  • Email Acceptable Use: Balancing the Needs of the Organization and the Need to Comply with National Labor Relations Board Rulings STI Graduate Student Research
    by Paul Hershberger - October 26, 2015 

    Organizations strive to enact policies that protect intellectual property, including the reputation of their brand, and support a productive work environment, while at the same time respecting employee privacy and freedom of expression. Despite good intentions, organizations sometimes discover that their existing policies suddenly conflict with the legal system. Unexpected legal rulings can arise as authorities assess how technology changes the workplace. What is acceptable policy within an organization one day may be in violation of law the next. This paper examines National Labor Relations Board (NLRB) rulings regarding the use of email by employees for protected purposes such as union organizing and then presents an analysis of the implications of those rulings. Suggestions as to how policies and practices must evolve to meet the needs of the organization are made, while also complying with the NLRB's interpretation of employment law.

  • Choosing corporate level instant messaging system and implementing audit controls by Mikko Niemelä - September 14, 2010 

    Instant messaging (IM) is an efficient way of real-time communication that enables messKageye,  ffiinlegearnpdrpinrte  s=e  nAcFe1t9r  aFnAs2fe7r  2oFve9r4t  h9e98InDte  FrDneBt.5B  DuEsi3nDes  Fs8cBa5n  b0e6nEe4fi  tAf1ro6m9  4IME4a6s   it is a cost-effective alternative for teleconferences by reducing phone call bills, need for meeting rooms and travel. IM systems can be hosted inside a corporate network or hosted off-site. In this paper we present criteria for choosing a suitable IM system and show how to implement reliable audit controls for the IM system using Snort rules.

  • How to Implement a Content Filtering System by Joshua Dean - March 2, 2004 

    This paper provides a guide for implementing a content filtering system, along with the basics of an Internet Usage Policy (IUP), installing devices for content filtering, and enforcing policy through disciplinary action.

  • Acceptable Use: Whose Responsibility Is It? by Patti Lawrence - March 20, 2002 

    This paper focuses on the Information Technology and Information Security ramifications of acceptable computer use policy and attempts to show how responsibility can be shared with the less technical Human Resources and Legal departments.

  • Internet Content Filtering by Carol Woody - January 9, 2002 

    The challenge to all organizations establishing access to the Internet is the inability to limit use of these capabilities to the specific content areas appropriate for the organization.

  • Attack of the 50-Pixel (Naked) Woman by Ben Malisow - August 18, 2001 

    The risky nature of downloading untrusted data, sexual harassment issues in the workplace, time wasted by unproductive employees, and simple bandwidth loss are all tangible concerns with associated real financial costs

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.