Under which category of an information security policy does AUP fall into?

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees.

Under which category of an information security policy does AUP fall into?
A . System Specific Security Policy (SSSP)
B . Incident Response Policy (IRP)
C . Enterprise Information Security Policy (EISP)
D . Issue Specific Security Policy (ISSP)

View Answer

Answer: D

Explanation:

An Acceptable Use Policy (AUP) is a type of Issue Specific Security Policy (ISSP) that outlines the constraints and practices that users must agree to in order to access the corporate network, endpoints, applications, and the internet. It is designed to provide guidelines for the appropriate use of an organization’s IT resources, including employee conduct, data usage, system access privileges, and the handling of confidential information. The AUP is a crucial part of the security policy framework as it directly addresses specific issues related to the acceptable use of IT resources by employees.

Reference: The categorization of AUP as an ISSP is consistent with standard information security policy frameworks and best practices123.