The Language and Use of Acceptable Usage Policy - Essay Example

The Language and Use of AUPs Introduction Acceptable Usage Policy (AUP) protects the integrity of data. Recently, a large number of hacking events have been reported. This continuous increase clearly highlights that illegitimate use and access are globally preferred and used by hackers and terrorists. Keeping in view the growing number of reported hacking activities, it is highly essential that safety and security of virtual activities and access should be enhanced to more advanced level. This can only be done through developing and introducing new AUPs and other measures for detecting and preventing the unauthorized use and access of software programs, login and password information and other critical activities. In the following parts of this paper, usage reasons, such as detection of abuse, appropriate usage of technology and liability protection, have been detailed and discussed as well. It is followed by a description pertaining to international boundary, highlighting risk and complexity involved in detecting and preventing cyber crimes. Before the paper conclusion part, legitimate uses of AUPs with an example have been included. Definition of Acceptable Usage Policies (AUPs) Acceptable Usage Policy (AUP) refers to a set of policies that control and restrict access and usage of networks, systems, websites and information as well (Johnson, 2014). These are policies in which a range of user classifications, type of access, level of access, time of access and all those policy guidelines are provided which are highly essential for the related users. Additionally, policies not only highlight the given or provided accesses to the users but also stipulate restrictions which cannot and should not be violated by the users. Furthermore, the provided policies cannot be specified in a number of pages as they are developed by taking into account organisational factors, user requirements, legal and business framework in which the organisation operates; consequently, it can be deduced that the AUPs can be a long list of activities reflecting both dos and don’ts as well (Horwitz, 2003). In other words, it can be highlighted that general requirements or policies cannot be provided in the AUPs but only specific policies can be developed and that must be in cognizance with the related regulatory framework. For example, it is not possible for a Business 2 Business entity to develop an AUP by keeping in view the business model of Business 2 Customer entity because it will not be feasible and practical for the organisation to implement the AUP. Usage reasons Restrictions can be practically applied through enabling and controlling the access of users. The Internet is composed of numerous networks which have created their own virtual world in which they cross local, national and international boundaries and provide access to millions of users globally; so, in order to provide access only to legitimate users, it is highly essential to develop and implement AUP (Fielden, 2001). Detection of abuse Globally, hacking and other illegitimate activities have increased security threat for virtual organizations and users as well. In this type of activity, unauthorised users attempt to access to a particular account or network; for this purpose, the unauthorised user first steal login and password of the target user and after obtaining this information, use the stolen information for accessing to confidential or secure areas. Globally, hacking has become one of serious threats to the user privacy. And in order to reduce the chances of hacking, it is highly essential that organisation should develop their AUPs not only for protecting their users’ accounts and personal information but also for safeguarding organisation’s confidential information as well (Bleimann et al., 2007). Appropriate use of technology Technology can increase insecurity of users and common public. As mentioned above, technology in its very sense is not bad or disallowed but it is its use that can be good or bad. Currently, throughout the world, terrorist and extremist outfits are eyeing on the use of technology for damaging the global peace and insecurity. For this purpose, they can go to any extent. For example, many technology firms, in the Silicon Valley, are working on the use of big data, which has capacity to store, handle, process a very amount of data; and in its very sense, the data is and will be highly sensitive and confidential as well. In order to protect this critical data and only allow the appropriate and legal use of technology, it is highly imperative that firms only provide access and use to the positive and authorised users to access such information. Only allowing the legitimate access has capacity to prevent unauthorised access and use of technology. For example, SANS institute only allows those users (firms) that fully understand the legal ramifications of using the access; without understanding it properly, they do not provide user access to their clients (Edge, 2010). Liability protection Liability protection refers to avoid any current or future penalty that can be imposed because of knowingly or unknowingly allowing users to break any privacy or any other law (McBee, 2006). It has been observed that hackers normally have two objectives either to steal sensitive information or to harm the potential target by making its virtual operations or existence dysfunctional. In either case, if a hacker obtains unauthorised access and through this access, the hacker steals money or passwords of Federal Bureau of Investigation (FBI) or any other sensitive entity; the hacked entity would be in deep trouble if it has no AUPs or is unable to defend its case by providing evidence of hacking by the hacker. Through this measure, the hacked entity will be in a better position to protect itself from the potential penalty or liability that could be imposed if the hacked entity has no AUPs and proof of hacking. International boundary Transnational investigation of a virtual crime is hampered by the absence of the international boundary in the Internet (Bosworth and Kabay, 2002). The virtual world, known as the world inside the web of the Internet, has no inside physical boundary demarcating an international boundary line between countries which are non-virtually separate and have clear cut physical boundaries and effective law enforcement agencies for protecting the sanctity of their borders. On the other hand, the virtual world is borderless where every user has authority and access to leave its home and access to other country by accessing to their websites and other areas available inside the Internet. Under this condition, it is highly challenging for investigators to determine the scope of virtual crime and apprehend the cybercrime culprits. Additionally, till this point of time, there is no international legal regulation or law applicable to the activities taking place inside the web of the Internet (Jasper, 2012). Globally, the Internet is not purely regulated by any international law as there has been no consensus on terms and conditions applicable to governing the activities taking place inside the Internet. As a result, this has been gross failure on the part of the international community because they are still unable to grasp or fully understand the ramifications of allowing hackers and terrorists to use this technology and continue harming the entities and individuals whenever they want to do so. Usage of AUPs Fundamentally, the AUPs have been developed for facilitating users. They provide various types of facilities to the current and potential users. For the current users, the AUPs provide them user guide, user manual, login and password information, password retrieval information, privacy rights and accesses; additionally, they highlight user’s rights in the shape of claims and owner’s rights. Similarly, they also specifically mention certain happenings and the part of responsibility in such type of events. However, many users find and contend that the AUPs are unusually and excessively written and the additionally mentioned guidelines have little importance and use as well. For example, for a school or any academic institution, the prime and fundamental use of AUPs is to protect students and prevent access to the restricted websites besides providing user manual for accessing to the authorised websites (Provenzo et al., 2004). Based on this example, it can be extracted that AUPs are written by keeping in view the requirements of users and owners (entities). Without this consideration, developing an AUP will be little productive and useful for the current and potential users. Suggestions for improvements Customer specific An AUP must be developed by keeping in view the customer requirements. Fundamentally, the main users of the AUP are not web surfers or outside internet users but the customers of an entity. Consequently, it is highly essential that while developing the AUP, the developer should take into account the requirements of customers. At the same time, the developer should distinguish a common user from a special user. For the common user, AUP may not be stringent but for the special user, which is a subscribed or regular customer, the AUP should be constructed in a way that enables them to use and operate easily the required functions. Legal compliance An AUP must comply with the legal requirement. For this objective, it is highly essential that the developer should fully understand the legal framework in which the AUP will operate. If the developer finds it difficult to understand the legal aspect of AUP, the entity should hire the services of a legal expert and under the guidance of the legal expert, the AUP should be developed. Future liability establishment Some accesses are highly sensitive. Any unauthorised access can cost millions of dollars to an entity. Thereby, in order to determine and specify demarcation between user and service provider, it is essential to establish future liability in case of infringement of any legal position or legal right. This will enable both customer and owner to shield them from the future liability. And this process will work as a legal cover to the respective activities. Conclusion Detection and prevention of hacking and other cyber crimes can be controlled through the effective use and implementation of AUPs. The AUPs entail and detail policies controlling and restricting access and usage of information, systems and networks. The main usage objectives of AUPs include detection of abuse, liability protection and appropriate use of technology. However, despite having positive usage purposes, it has been observed that detection of abuse has remained a daunting task for investigators as the Internet has no international boundary separating one country from another. In that case, it is highly recommended that the AUPs should be developed by clearly stipulating the legal compliance requirements and by separating the legal rights between owner and user. By doing so, future liability will be easily ascertained and established as well. Additionally, it is highly recommended that the AUPs should be made by keeping in view the customer requirements. References Bosworth, S., & Kabay, M.E. (eds.). (2002). Computer Security Handbook. 4th edn. New York: Wiley. http://books.google.com.pk/books?id=rCx5OfSFUPkC&printsec=frontcover&dq=Bosworth,+S.,+%26+Kabay,+M.E.+%28eds.%29.+%282002%29.+%22Computer+Security+Handbook%22.+4th+edn.+New+York:+Wiley.&hl=en&sa=X&ei=251UVIThNLSQ7AbHt4DIAQ&ved=0CCQQ6AEwAQ#v=onepage&q&f=false viewed 29 October 2014 Bleimann, U.G., Dowland, P.S., & Furnell, S.M. (eds.). (2007). Proceedings of the Third Collaborative Research Symposium on Security E-Learning Internet and Networking. Plymouth: University of Plymouth. http://books.google.com.pk/books?id=M93S3qyyir0C&printsec=frontcover&dq=%22Proceedings+of+the+Third+Collaborative+Research+Symposium+on+Security+E-Learning+Internet+and+Networking%22&hl=en&sa=X&ei=SJxUVOLGOJfuaI_4gYgB&ved=0CBwQ6AEwAA#v=onepage&q=%22Proceedings%20of%20the%20Third%20Collaborative%20Research%20Symposium%20on%20Security%20E-Learning%20Internet%20and%20Networking%22&f=false viewed 30 October 2014 Dubrawsky, I. (2009). Comp TIA Security+ Certification Study Guide: Exam SYO-201. Miami: Syngress Publishing. http://books.google.com.pk/books?id=waDmmqRgBmIC&pg=PR3&dq=Comp+TIA+Security%2B+Certification+Study+Guide:+Exam+SYO-201&hl=en&sa=X&ei=OJ5UVPOzLM2V7AaP3YCQBg&ved=0CC8Q6AEwAQ#v=onepage&q=Comp%20TIA%20Security%2B%20Certification%20Study%20Guide%3A%20Exam%20SYO-201&f=false Viewed: 30 October 2014 Edge, C. (2010). Enterprise iPhone and iPad Administrator’s Guide. New York: Apress Publishing. http://books.google.com.pk/books?id=EoPxzGnlq_gC&pg=PP1&dq=%22Enterprise+iPhone+and+iPad+Administrator%E2%80%99s+Guide%22&hl=en&sa=X&ei=c55UVJjDJtSM7AaD0ICYBA&ved=0CBwQ6AEwAA#v=onepage&q=%22Enterprise%20iPhone%20and%20iPad%20Administrator%E2%80%99s%20Guide%22&f=false Viewed 31 October 2014 Fielden, N.L. (2001). Internet Research: Theory and Practice. 2nd edn. North Carolina: McFarland & Company. http://books.google.com.pk/books?id=mpWtJcHkYxIC&printsec=frontcover&dq=%22Internet+Research:+Theory+and+Practice%22+Internet+is+consisted+of+numerous+networks&hl=en&sa=X&ei=NptUVN-DCsmN7AaAjIFI&ved=0CCsQ6AEwAw#v=onepage&q=%22Internet%20Research%3A%20Theory%20and%20Practice%22%20Internet%20is%20consisted%20of%20numerous%20networks&f=false viewed 30 October 2014 Horwitz, J. (2003). Unix System Management Primer Plus. Indiana: SAMS Publishing. Retrieved: http://books.google.com.pk/books?id=-sue_SyjuCMC&pg=PA454&lpg=PA454&dq=%22Unix+System+Management+Primer+Plus%22+Acceptable+usage+policy&source=bl&ots=BXuqkg4_D0&sig=AotuBC8TzE9oLlpreLpCvYLgFVc&hl=en&sa=X&ei=MJlUVN--H-LV7Ab0s4DQDw&ved=0CB0Q6AEwAA#v=onepage&q=%22Unix%20System%20Management%20Primer%20Plus%22%20Acceptable%20usage%20policy&f=false Viewed 31 October, 2013 Jasper, S. (ed.). (2012). Conflict and Cooperation in the Global Commons: A Comprehensive Approach for International Security. Washington: Georgetown University Press. http://books.google.com.pk/books?id=Iw7r9n_Ck8AC&printsec=frontcover&dq=%22Conflict+and+Cooperation+in+the+Global+Commons:+A+Comprehensive+Approach+for+International+Security%22&hl=en&sa=X&ei=tJ5UVPCjBafW7Ab494DQDQ&ved=0CBwQ6AEwAA#v=onepage&q=%22Conflict%20and%20Cooperation%20in%20the%20Global%20Commons%3A%20A%20Comprehensive%20Approach%20for%20International%20Security%22&f=false Viewed 31 October 2014 Johnson, R. (2014). Security Policies and Implementation Issues. 2nd edn. Miami: Jones & Bartlett Learning. http://books.google.com.pk/books?id=UlktBAAAQBAJ&pg=PA81&dq=Acceptable+Use+Policy+%28AUP%29+%22Security+Policies+and+Implementation+Issues%22+page+81&hl=en&sa=X&ei=CYdUVIusC4qCPdzFgPgD&ved=0CBoQ6AEwAA#v=onepage&q=Acceptable%20Use%20Policy%20%28AUP%29%20%22Security%20Policies%20and%20Implementation%20Issues%22%20page%2081&f=false viewed on 31 October, 2014. McBee, J. (2006). Microsoft Exchange Server 2003 Advanced Administration. Indiana: Wiley. http://books.google.com.pk/books?id=AjNFn8RDDKkC&printsec=frontcover&dq=%22Microsoft+Exchange+Server+2003+Advanced+Administration%22&hl=en&sa=X&ei=4Z5UVPTONLSs7AaDtoHYBw&ved=0CCoQ6AEwAA#v=onepage&q=%22Microsoft%20Exchange%20Server%202003%20Advanced%20Administration%22&f=false viewed 31 October 2014 Provenzo, E.F., Breet, A., & McCloskey, G.N. (2004). Computers, Curriculum, and Cultural Change: An Introduction for Teachers. New York: Routledge. http://books.google.com.pk/books?id=YnNUQCKGOOAC&printsec=frontcover&dq=%22Computers,+Curriculum,+and+Cultural+Change:+An+Introduction+for+Teachers.%22&hl=en&sa=X&ei=O59UVNSPEMaQ7Aav1ICwCw&ved=0CBwQ6AEwAA#v=onepage&q=%22Computers%2C%20Curriculum%2C%20and%20Cultural%20Change%3A%20An%20Introduction%20for%20Teachers.%22&f=false Viewed 31 October 2014 Read More