Hands-On Workshop for GRC Professionals on Drafting an Acceptable Use Policy

The video provides a hands-on workshop for GRC (Governance, Risk, and Compliance) professionals on drafting an acceptable use policy (AUP) from scratch, targeting employees, contractors, and third-party users accessing company resources. It outlines a structured approach, beginning with defining the purpose and objectives (e.g., protecting resources, preventing unauthorized activities) and scope/applicability (e.g., all devices, networks, and systems owned by the organization). Key sections include roles and responsibilities (e.g., employees, IT, managers), policy statements (e.g., prohibiting password sharing, restricting device use to work purposes), and compliance/enforcement (e.g., disciplinary action up to termination). The video emphasizes peer review for clarity and completeness, offering policy templates and resources from sources like NIST, ISACA, and the SANS Institute, alongside tools such as Confluence, PolicyTech, and SharePoint for policy management. Supplemental materials include templates for information security, compliance, and IT operations, while Learning Management Systems (LMS) are suggested for training and compliance tracking. The exercise concludes with a focus on iterative refinement and leveraging external best practices to maintain effective policies.