Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

RE: Re: [FW1] OT - Acceptable Use Policy Legality
From: Jason Zann <jason.zann () maryville com>
Date: Tue, 21 Nov 2000 18:34:47 -0600

I would have to generally agree with the statements made below; however, it
is my experience the policies that are rigorously defined w/ specifics, are
very difficult to enforce. When giving advice on policy development, I take
the dictatorship approach, meaning no users have any rights and are held
liable for anywhere they go (i.e. web) or anything they send (i.e. email).
The idea here is that all rights are essentially taken away, and things like
'expectation of privacy' and the like are given back to the user community. 

Within the definition of the policies, I might suggestest using terminology
that makes it easiest for you to maneuver to enforce the policy. Use
examples, not specifics. example: unacceptable usage of the internet can
result in consequences up to and including termination. Examples of
unacceptable usage are: porn cruising, hate sites... you get the picture.
Make sure that the policy is in a public place (I prefer stapling to
everyone's forehead) however, a posting on an intranet, or having a monthly
email sent out with addendums should suffice. A login script that has to be
ok'd through to logon to the network is a  nice touch.

-----Original Message-----
From: CryptoTech [mailto:cryptotech () gmx de]
Sent: Tuesday, November 21, 2000 4:44 AM
To: Jeff Newton
Cc: firewall-wizards () nfr com; fw-1-mailinglist () lists us checkpoint com
Subject: [fw-wiz] Re: [FW1] OT - Acceptable Use Policy Legality

First of all, I'm not a lawyer, but in my job I encounter a LOT of large
using firewalls.  ALL of them that have AUP's require that the end user
sign a letter of acceptable use.  The reason is simple.  In the legal world,
is a '4 corners rule.'  That which is stated within the 4 corners of a
document that
is signed is legally binding.  This means that the letter should state what
acceptable or not acceptable (whichever is easier to define,) and the
of violating company policy.   IE, if you are caught looking at porn, you
will be
fired.  Sign here.


Jeff Newton wrote:

I'm looking for information regarding the legality of an AUP.  Is it
absolutely necessary to have every employee sign it or is it
sufficient to indicate the AUP is a condition of employment?

Can anyone offer some insight on the topic?  Any lawyers in the crowd?


Jeff Newton

     To unsubscribe from this mailing list, please see the instructions at


firewall-wizards mailing list
firewall-wizards () nfr com

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]