End User's Responsibility
Users have to take a certain amount of responsibility for the security of the computing environment, so it is reasonable for IT professionals to clearly articulate what is expected of each user. When these expectations are not met, denial of privilege or restricted use can be invoked. This list represents some of the practices that system administrators should expect of end users:
The selection of nonobvious passwords is the first line of defense. The user also should be periodically forced to change the password.
The password must never be written down or revealed to associates.
When leaving the work area, the user should be instructed to invoke a password-controlled screen saver or to log off. Logoff must be enforced at the end of each work period.
The user should be made aware of basic file and folder permission settings. This is particularly important if she moves or copies files. Additionally, the user should be aware of the implications of allowing another user to take ownership of a file.
No user should import applications that are not specifically approved by the system administrator. This is one of the easiest ways to introduce viruses or Trojan horses.