End users are actively informed of the organisational policies regarding acceptable use of assets. IT assets and services offered by the organisation must be used for professional purposes; the use of free/private alternatives is not allowed.
Templates & References
Specification
At a minimum, an acceptable use policy is formulated and communicated covering the expected behavior of end-users regarding information, systems, applications, infrastructure and hardware made available to them and specifying what users can expect from the IT department(s) in terms of monitoring and enforcement of rules.
Secure Terms of Use cover at least:
- What’s allowed
- What’s not allowed
- Reporting security issues
- Sanctions
- Network performance
- Solving network problems
- Monitoring security
- Fixing vulnerabilities for which the user is responsible
- Reporting security incidents
If Terms of Use are not followed, the usage of the IT assets and services can and should be suspended until the associated risks are addressed.
ISO 27001 & 27002:2022
5.2, A5.1, A6.3
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
GO.02 Policy