Rules provide direction and assist employees to become independent and self-reliant. Businesses and owners operate under these principles in order to create repetitive systems that increase profits and/or work flow. Usually, any deviation from the plan results in inefficiencies, redoing work, wasted time, and et cetera. Your company's information system (IS) should operate no different from the other business functions, with rules, policies, and guidelines. Every employee should know what they can and cannot do when using the IS, whether that be installation, configuration, or general daily use. This should be recorded through a form called the Acceptable User Policy (AUP) which describes what is not only allowed or not, but what the potential punishment could be. After the AUP is created, technical controls should be put into place to monitor the the employees use and to ensure the traffic is authorized according to the policy. After technical controls are implemented and tested, each user should sign the AUP proving they read and understand the rules. Furthermore, every system configuration or setting should be set because there is a corresponding guideline or policy. That is, a port closed or open on the firewall should be set due to the Firewall or Network policy. The character length and complexity of passwords should be set to match the Password Policy, which also describes how long a password is good for and more. Gray Space Defense has some ready made policies that can be customized for any organization.