Acceptable Use

Definition: Acceptable Use, as part of an information security plan, describes to individuals within an organization what would constitute appropriate and inappropriate use of an information asset or resource. Written policies that describe when, how and who can use information resources should be specified in order to establish a valid security plan.

Its Relevance: An organization can encounter significant problems if its employees mis-use information system resources. For example, an employee who sends an inappropriate email could incur liability for the company. Unauthorized duplication of software or documents might be a copyright infringement. Adding or deleting records by a person who is unauthorized could be extremely dangerous to the integrity of an organization’s information resources. A company may very well find itself responsible for what has been referred to as "down stream liability".

Trend: A legal theory is evolving that is related to the responsibility of infrastructure owners. The concept is straight forward and simple. A company's Board is responsible for making a reasonable and prudent effort to prevent the use of information resources in a way that could potentially harm others. Network owners could be held liable for damages.

Every organization should have an "acceptable use" policy.

Return from "Acceptable Use" to Words [A - C]