원클릭으로
acceptable-use
Behavioral expectations, professional standards, and responsible technology use
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Behavioral expectations, professional standards, and responsible technology use
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
GitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response
| name | Acceptable Use |
| description | Behavioral expectations, professional standards, and responsible technology use |
| license | Apache-2.0 |
| version | 1.0 |
| author | Hack23 AB |
| tags | ["acceptable-use","professional-standards","system-usage"] |
| category | security |
| frameworks | ["ISO 27001:2022","NIST CSF 2.0"] |
| related_policies | ["Acceptable_Use_Policy.md"] |
Enforce behavioral expectations and professional standards for information technology use, based on Acceptable Use Policy.
Key Principle: "Clear expectations create secure behaviors."
acceptable_practices:
authentication:
- strong_unique_passwords: per_access_control_policy
- mfa_enabled: all_business_critical_systems
- password_managers: approved_tools_only
- no_credential_sharing: never_share_passwords
data_handling:
- classify_data: per_classification_framework
- encrypt_sensitive: cryptography_policy_standards
- gdpr_compliance: privacy_policy_requirements
- secure_disposal: shred_or_wipe_sensitive_data
software_use:
- licensed_software: valid_commercial_or_oss_licenses
- security_updates: vulnerability_management_sla
- approved_apps: documented_in_asset_register
network_use:
- https_required: secure_connections_for_sensitive_data
- vpn_for_remote: network_security_policy_requirements
- no_public_wifi: for_unencrypted_business_access
professional_conduct:
- business_purpose_primary: limited_personal_use_acceptable
- reputation_protection: conduct_reflects_company
- confidentiality: no_unauthorized_disclosure
prohibited_activities:
illegal:
- hacking_unauthorized_access
- software_piracy
- illegal_content
- fraud_theft
malicious:
- introducing_malware
- circumventing_security
- data_theft
- sabotage
policy_violations:
- unencrypted_sensitive_data
- unapproved_software
- credential_sharing
- excessive_personal_use
reputation_damage:
- disclosing_confidential_info
- harassment_discrimination
- inappropriate_content
daily_routine:
start_of_day:
- use_strong_password: password_manager_autofill
- enable_mfa: google_authenticator_totp
- verify_screen_lock: automatic_5_minute_timeout
during_work:
- classify_documents: apply_classification_labels
- encrypt_communications: signal_for_sensitive_discussions
- vpn_for_aws: wireguard_for_console_access
end_of_day:
- log_out_all_systems: close_all_sessions
- secure_documents: lock_in_cabinet_or_encrypt
- shred_waste: cross_cut_shredder_for_sensitive
❌ Non-Compliant:
coffee_shop_work:
- no_vpn: direct_aws_console_access
- no_screen_privacy: client_data_visible
- public_wifi: unencrypted_network
✅ Corrected:
remote_work_controls:
location_assessment:
- data_classification: only_LOW_MEDIUM_in_public
- HIGH_CRITICAL: work_from_home_office_only
required_controls:
- screen_privacy_filter: prevents_shoulder_surfing
- vpn_required: wireguard_for_business_access
- screen_lock: immediate_when_leaving_seat
Policies: Acceptable Use, Information Security
Skills: physical-security, mobile-device-management, data-classification
Frameworks: ISO 27001 A.5.10, NIST CSF PR, CIS Control 16.8