User Responsibilities
Policies covering user responsibilities should be used to allow the organization to define how they feel users should be using the connection to the Internet. Some of the organizations I have worked with have used this section to define the tone of their policies, especially considering these are the areas in which users are most interested.
Training
Users might think they do not need training to access the Internet, but the training I am referring to is not about access—it’s about having them understand their responsibilities. Organizations must be careful about how the type of traffic they allow represents their organization. Perceptions are important, and that should be brought forth in your training program.
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.