Acceptable Use Policies for Web 2.0
What are you doing about Web 2.0 and formal acceptable use policies? As a blogger from a state known to be a leader in the use of technology in government, I get that question a lot. The answer: quite a bit right now.
In Michigan, we are in the process of updating our current statewide acceptable use policy, which you can read at: www.michigan.gov/pcpolicy. We hope to have a new policy in place by this Spring (2009).
Meanwhile, Federal Computer Week (FCW) just ran a few good articles on this topic. The first one was called: A new take on personal-use rules. Here's an excerpt:
"...But the proliferation of Web 2.0 technologies and the evolving regulatory compliance landscape have compelled many agencies to re-examine their acceptable-use policies. Security executives point out that many of the acceptable-use documents in use today predate the advent of blogs, wikis and social-networking sites. Policies may also fail to reflect the requirements of such regulations as the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act."
I must admit that I am a bit shocked by a statement from an expert at the National Institute of Standards and Technology (NIST). Here is the quote: “From a technology perspective, we don’t do Web site blocking or content filtering,” Szykman said. “We do perform network monitoring, but it’s done to monitor how people are using our network in order to help IT management and operations, and to help ensure security.”
So NIST doesn't block websites that are downloading malware or known porn sites? If that is true, I think they have set themselves up for some major problems. I am concerned if this is the filtering example (or best practice) for the federal government - but that's for another blog.
A related article from FCW discussed: The limits of technology. What is clear to me from these and other recent articles on Web 2.0 and employee behaviors is that we need to offer training and additional cultural change as we roll out new acceptable use policies that allow Web 2.0 and also accountability.
What are your thoughts?

