You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?

An acceptable use policy (AUP) is a document stating what a user may or may not have access to on a company’s network or the Internet. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. Mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities. Job rotation is a policy that describes the practice of moving employees between different tasks. Job rotation can help detect fraud because employees cannot perform the same actions for long periods of time.