Definition: The phrase "Appropriate Use" is a security concept that should be part of the behavior of all information infrastructure users on a routine basis. Employees should always use the software and hardware in a manner that is both legal and consistent with the organization’s security policies. Individuals who are authorized to use the information infrastructure must be completely attuned to relevant policies and be held accountable. Infrastructure owners must be able to document that appropriate training has taken place and avoid becoming liable for failing to practice "due diligence".
Its Relevance: An organization can find itself legally liable for damages in a variety of ways if the information infrastructure is applied in an unsuitable manner. For example, if an employee were to use computer systems to harass or stalk another individual the owner could be held liable.