An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy?
- Ask the user to stop immediately and inform the user that this constitutes grounds for dismissal.
- Revise the AUP immediately and get all users to sign the updated AUP.
- Create a firewall rule blocking the respective website.
- Immediately suspend the network privileges of the user.
Explanation & Hint:
The administrator should first review the existing Acceptable Use Policy (AUP) and the security policies of the company to determine the appropriate response. Typically, an administrator would take the following steps:
If the AUP and security policies do not currently cover this type of activity, then the administrator should work on revising the AUP to include it. However, this would typically be a follow-up action rather than the first step, as policies need to be clear and known to users before enforcement. Blocking the website through a firewall rule may be appropriate but should be done in accordance with the company’s change management procedures, ensuring that any changes to the network are properly documented and authorized. Immediate suspension of network privileges is generally considered a severe action and would typically be reserved for egregious or repeated violations, or where there is an imminent threat to the company’s network security. Therefore, the first action should be to ensure that the user’s activity is against the AUP, inform them of the violation, and proceed according to the company’s established disciplinary procedures. This approach upholds the principles of fair warning and due process. |