Problem 1: What are the three risks and threats of the user domain?
Problem 2: Why do organizations have acceptable use policies (AUPs)?
Problem 3: Can Internet use and e-mail use policies be covered in an acceptable use policy?
Problem 4: Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
Problem 5: Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the user domain?
Problem 6: Will the AUP apply to all levels of the organization? Why or why not?
Problem 7: Why does an organization want to align its policies with the existing compliance requirements?
Problem 8: Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
Problem 9: What security controls can be deployed to monitor users that are potentially in violation of an AUP?
Problem 10: Should an organization terminate the employment of an employee if he/she violates an AUP? Why?