Acceptable use policy (AUP)
A formal statement of policy signed by management and acknowledged by the user with their signature. This policy typically is enforced by the Human Resources department. The policy should state that computing resources are for company business only and that noncompany activities, including those related to religion or topics of questionable use, are prohibited. The AUP should state that possession of administrative system utilities and related system tools not specifically authorized are prohibited as contraband. This eliminates any excuses or misunderstanding and enforces separation of duties.
Access control list (ACL)
A table of user login IDs specifying each user’s individual level of access authorized ...