Organization’s Responsibilities and Disclosures
The users are not the only ones with responsibilities according to your information security policies. The organization has a responsibility to let its users know what the policy says they are required to do and what it is going to do. Aside from being responsible, the organization has a legal obligation to disclose what they are doing, such as monitoring and collecting data crossing their network. Without the required disclosures, the courts have discounted data collected and policy violations by users.
Sometimes these policies are difficult to add to the AUP. There have been reports that users have looked upon these statements in a negative light. This has lead to an adversarial relationship ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
