This policy should be in effect from day 1 of operation and periodically needs to be audited for weaknesses and vulnerabilities. 8. Why does an organization want to align its policies with existing compliance requirements? This way they do not have to do double work with keeping up with two policies and the organization will need to be compliant regardless so this makes sense to have the same policies. 9. Why is it important to flag any existing standards (hardware, software, configuration, etc.) from an AUP?
This way there are no hidden surprises for anyone and everyone will be on the same page when it comes to policies and procedures 10. Where in the policy definition do you define how to implement this policy within you organization? In the middle of the AUP this way you can know the expectations before the implementations. 11. Why must an organization have an Acceptable Use Policy (AUP) even for non-employees such as contractors, consultants, and other third parties?
Because it makes everyone responsible that works regardless of what type of worker they are. 12. What security controls can be deployed to monitor ad mitigate users form accessing external websites that are potentially in violation of an AUP? You can use services like Websense to block specific sites and specific key words. 13. What security controls can be deployed to monitor and mitigate users form accessing external webmail systems and services (i.e., Hotmail, Gmail, Yahoo, etc.)?
Depending on the organization there should only be work emails allowed. 14. What security controls can be deployed to monitor and mitigate users from imbedding privacy data in email messages and/or attaching documents that may contain privacy data? You could have any email that goes to a personal email address and non-authorized web based email blocked all together. 15. Should an organization terminate the employment of an employee if he/she violates AUP? Yes, chances are if someone is violating the AUP then they know they are and should be terminated.