I swear, this acceptable use policy that I'm writing should just say:

"Use your computer for work. Don't be dumb, and we'll be cool."

@accidentalciso Throw a TL;DR at the bottom that says that 😂
@accidentalciso Some users: “does being dumb include downloading copious amounts of pornography to my work device? Because I’m gonna keep doing that.”
@accidentalciso I just got finished doing all of our policies. I never thought I'd have to explain to someone why they should be locking a PC!
@accidentalciso Using my computer for work [on my secret startup that i'm moonlighting on]. Cool, thanks.
@accidentalciso in all seriousness, though, yes i wish we could have policies like that, but also https://dynomight.net/teaching/ applies here too :(
@accidentalciso I can get behind this framework 🧐. Elegance in its simplicity!
@accidentalciso I’m in the midst of the same task. I had 3 pages, Legal made it 18. Time to redline.

@accidentalciso lol, I had this discussion today with a customer.

Specifically it was "should we block porn using DNS" and the discussion then focused on whether it was better to let people use PornHub or block it and have them go to more obscure sites filled with malware.

Not really sure where we ended up, but "use common sense" was mentioned, and it was more about technical enforcement than policy about it

@accidentalciso just add “don’t break the law or surf porn because we have your browser history and will send it to your partner, mom and grandmother if you do dumb stuff.”
@accidentalciso Totally doable. You just need a standard that goes with it that defines dumb. 😆

@accidentalciso highly recommend adding

“Use your work email for work purposes. Use your personal or burner email for personal purposes.”

Learned so much I didn’t want to know about coworkers back when I ran spam filtering at a past job.

@accidentalciso I had something similar on the security awareness slides I used to brief. If only the lawyers would let plainspeak exist in a policy 😀
@accidentalciso if only people could resist the urge to be dumb for more than five consecutive seconds..

@accidentalciso I'm a big fan of AUPs that give examples of yes/no examples. Make it something simple so it sticks with people.

Although, good grief. People really don't care

@accidentalciso "Stop doing stupid shit on your work computer" is my tldr AUP.
@accidentalciso and in order to make it acceptable to auditors and customers you’ll need to add three pages of useless fluff.
@accidentalciso - Could have used a policy like that when an employee told me that if I didn't re-enable Java on IE he couldn't upload his wife's blood sugar numbers and she could die (which would be my fault, of course).
@accidentalciso That feels like where AUPs always start. Then Legal and HR get their turns at improving the language...