Download presentation
Presentation is loading. Please wait.
Published byEvan Gray Modified over 9 years ago
1
James Fox Shane Stuart Danny Deselle Matt Baldwin Acceptable Use Policies
2
Concept Map
3
LaStreichmoors’s Questions 1.What kind of content is required in the AUP for our specific industry? 2.Is an AUP necessary in our industry? 3.What are the repercussions of not having one? 4.How will the implementation of an AUP benefit LaStreichmoor Inc.?
4
Acceptable Use Policies Set of rules applied by network and website owners. Integral to information security. Restrict the ways in which the network or web-site may be used. To protect Company's networks and equipment. To reduce the Unsolicited Commercial Email " Spam" that is flooding Company's mail server. To protect Company and its employees from activities that might expose them or Company to legal action. Example. Example.
5
Acceptable Use Policies Elements A preamble Explains why the policy is needed. A definition section Defines key words used in the policy. A policy statement Must tell what computer services are covered by the AUP and the circumstances under which employee/customer can use computer services.
6
Acceptable Use Policies Elements Cont. An acceptable uses section Must define appropriate employee/customer use of the computer network. An unacceptable uses section the AUP should give clear, specific examples of what constitutes unacceptable employee/customer use. A violations/sanctions section should tell employee/customer how to report violations of the policy or whom to question about its application.
7
Acceptable Use Policies Specific to Banking Security Strict security procedures are needed in the storage and disclosure of personal information. When personal information is requested on-line, it should be ensured that the users browser encrypts it. Cookies There should be a statement about 'cookies' is information that a website stores on your computer so that it can remember something about you at a later time. Cookies are commonly used on the Internet and do not harm your system. Application Information When a user applies for a product or service on the LaStreichmoor’s Bank website, there should be a statement concerning request for personal information that is needed to process your application. The information that is provided should only be used for the purposes described at the time of your application and where applicable in the Terms and Conditions that apply to the relevant product or service.
8
Acceptable Use Policies Specific to Banking Cont. Digital Banking There should be banking instructions concerning the use of secure Digital Banking services, for access to the users account.
9
About LaStreichmoor Inc. Online banking resource Most of customers in US, but expanding globally Worried about the security of their customers To this point they do not have an AUP Looking to find out if an AUP
10
Reasons for an AUP in banking? To protect customers To protect themselves Way to control storage of personal information Control employee contact with valuable information Help control application information
11
AUP Example The Royal Bank of Scotland Protecting customers privacy
12
Components of RBS AUP Security Ensure browser encrypts personal information “Secure Sockets Layer” Cookies Information a website stores about you Contains cookies that hold no valuable information about you Used in variety of ways Application information Information provided only used for purpose stated Digital banking instructions All information is confidential after you are “logged in” Information used for your instructions only
13
Is an AUP necessary in banking? Not necessary, but preferred! Banks deal with valuable information Must control use and storage of information Customers feel more comfortable with an AUP To be a trusted bank you need an AUP!
14
AUP Guidelines A strong AUP gives strict behavioral guidelines within a company for: Employees What behavior is allowed, both professionally and in a personal sense Customers Whether the company is a safe bet to do business with, and what their stance is on customer security Also gives managers a way of enforcing ethical and behavioral violations
15
Ramifications of no AUP No way of enforcing rule or law violations No real guidelines or ground rules there to follow in the first place No protection for private, sensitive customer information Third party or criminal infringement an issue Responsibility for online behavior is not established Very important issues in banking!
16
Example: Comcast Comcast Shuts Down Users Comcast Shuts Down Users In August of 2007, Comcast began hearing complaints fromcustomers who were unexpectedly being disconnected orsuspended from downloading Comcast reported that they had a bandwidth limit, andcustomers that continuously exceeded the bandwidth limitwere suspended for up to a year The company would send a warning to the customer to cutback on the amount of downloading Unfortunately, the phantom limit was not stated in Comcast’sAUP, leaving them open to lawsuits from customers
17
LaStreichmoor’s AUP Statement The AUP policy should: Protect company resources Limit liability outside of what is expressed in the AUP Establish a strong code of conduct for customers and employees Make sure customers are well informed of the best way to ensure their own protection Take measures to prevent against third party invasion Be updated consistently to keep up with current standards
18
Benefits of AUP Customer Security: Ensures customer that their cookies will not containconfidential information Lets the customer know there information will besecure and what methods of encryption will be used Allows the customer to feel confident whenconducting banking online with company.
19
Benefits of AUP Reduce the likelihood of legal liability Ensures the customers knows the risks involved withonline banking and is forced to accept them as termsof using the service Makes the customer agree to safe procedures in casethere is a problem with confidentiality
20
Our Recommendations LaStreichmoor should implement an AUP Follow model put forth by other banks AUP will ease the minds of customers Will make their bank more trustworthy Also will help take preventative measures to prevent identity theft Keep AUP consistently updated
21
Sources http://en.wikipedia.org/wiki/Acceptable_Use_ Policy http://en.wikipedia.org/wiki/Acceptable_Use_ Policy http://www.education- world.com/a_curr/curr093.shtml http://www.education- world.com/a_curr/curr093.shtml http://www.rbs.co.uk/corporate/electronic- services/g3/secure-messaging/aup.ashx http://www.rbs.co.uk/corporate/electronic- services/g3/secure-messaging/aup.ashx
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.