✅ Acceptable Use Skill

🎯 Purpose

Enforce behavioral expectations and professional standards for information technology use, based on the Acceptable Use Policy.

Key Principle: "Clear expectations create secure behaviors."

📚 Scope

  • 💻 System Access & Authentication
  • 📊 Data Handling & Privacy (GDPR)
  • 💾 Software & Application Use
  • 🌐 Internet & Network Use
  • 📱 Mobile Device & Remote Work
  • 📢 Communication & Social Media

⚙️ Security Rules

MUST Requirements

acceptable_practices:
  authentication:
    - strong_unique_passwords: per_access_control_policy
    - mfa_enabled: all_business_critical_systems
    - password_managers: approved_tools_only
    - no_credential_sharing: never_share_passwords
  
  data_handling:
    - classify_data: per_classification_framework
    - encrypt_sensitive: cryptography_policy_standards
    - gdpr_compliance: privacy_policy_requirements
    - secure_disposal: shred_or_wipe_sensitive_data
  
  software_use:
    - licensed_software: valid_commercial_or_oss_licenses
    - security_updates: vulnerability_management_sla
    - approved_apps: documented_in_asset_register
  
  network_use:
    - https_required: secure_connections_for_sensitive_data
    - vpn_for_remote: network_security_policy_requirements
    - no_public_wifi: for_unencrypted_business_access
  
  professional_conduct:
    - business_purpose_primary: limited_personal_use_acceptable
    - reputation_protection: conduct_reflects_company
    - confidentiality: no_unauthorized_disclosure

MUST NOT Prohibitions

prohibited_activities:
  illegal:
    - hacking_unauthorized_access
    - software_piracy
    - illegal_content
    - fraud_theft
  
  malicious:
    - introducing_malware
    - circumventing_security
    - data_theft
    - sabotage
  
  policy_violations:
    - unencrypted_sensitive_data
    - unapproved_software
    - credential_sharing
    - excessive_personal_use
  
  reputation_damage:
    - disclosing_confidential_info
    - harassment_discrimination
    - inappropriate_content

💡 Examples

Example 1: Secure Work Practices (Compliant)

daily_routine:
  start_of_day:
    - use_strong_password: password_manager_autofill
    - enable_mfa: google_authenticator_totp
    - verify_screen_lock: automatic_5_minute_timeout
  
  during_work:
    - classify_documents: apply_classification_labels
    - encrypt_communications: signal_for_sensitive_discussions
    - vpn_for_aws: wireguard_for_console_access
  
  end_of_day:
    - log_out_all_systems: close_all_sessions
    - secure_documents: lock_in_cabinet_or_encrypt
    - shred_waste: cross_cut_shredder_for_sensitive

Example 2: Public Space Work (Non-Compliant → Corrected)

❌ Non-Compliant:

coffee_shop_work:
  - no_vpn: direct_aws_console_access
  - no_screen_privacy: client_data_visible
  - public_wifi: unencrypted_network

✅ Corrected:

remote_work_controls:
  location_assessment:
    - data_classification: only_LOW_MEDIUM_in_public
    - HIGH_CRITICAL: work_from_home_office_only
  
  required_controls:
    - screen_privacy_filter: prevents_shoulder_surfing
    - vpn_required: wireguard_for_business_access
    - screen_lock: immediate_when_leaving_seat

🔗 Integration

Policies: Acceptable Use, Information Security

Skills: physical-security, mobile-device-management, data-classification

Frameworks: ISO 27001 A.5.10, NIST CSF PR, CIS Control 16.8

📋 Document Control

  • Version: 1.0 | Updated: 2026-02-10
  • License: Apache-2.0
  • Classification: Public
Repository: hack23/homepage