Learn About SY0-201 – CompTIA Security+ (2008 Objectives)1 | 2 |
An acceptable use policy defines how users are allowed to employ company hardware. For example, an acceptable use policy, which is sometimes referred to as a use policy, might answer the following questions: Are employees allowed to store personal files on company computers? Are employees allowed to play network games on breaks? Are employees allowed to "surf the Web" after hours?
An information policy defines the sensitivity of a company's data. In part, a security policy defines separation of duties, which determines who needs access to certain company information. A backup policy defines the procedure that administrators should use to back up company information.
Acceptable Use Policy (PDF), http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf