In light of your discovery as a security engineer that an employee is utilizing the company's computer systems for personal business, including the installation of personal software and use of computer hardware such as the USB port, what policy recommendations would you propose for the company to uphold in order to mitigate potential risks that could compromise the company's data and network?

An acceptable use policy (AUP) is a document that outlines the resources and activities that a user is permitted or prohibited from accessing on a company's network or the internet. A clean desk policy mandates that sensitive or confidential documents must be removed from an end-user workstation and securely locked up when not in use. Mandatory vacation policy is utilized by companies to detect fraudulent activities by having a second person familiar with the duties help identify any illicit actions. Job rotation is a policy that involves shifting employees among different tasks. Job rotation can aid in fraud detection because employees cannot perform the same actions for prolonged periods.