Editor pass - Adding acceptable use policy (#5492)

Editor pass for: https://github.com/fleetdm/fleet/pull/5417

@GuillaumeRoss, should this be its own page or should this be with the rest of security?

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>

handbook/security-policies.md

@@ -2,11 +2,11 @@
 
 ## Information security policy and acceptable use policy
 
-This Information Security Policy is intended to protect Fleet Device Management Inc's employees, contractors, partners, customers and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
+This Information Security Policy is intended to protect Fleet Device Management Inc's employees, contractors, partners, customers, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
 
 Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, web browsing, and file transfers, are the property of Fleet Device Management Inc. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.
 
-Effective security is a team effort involving the participation and support of every Fleet Device Management Inc employee or contractor who deals with information and/or information systems. It is the responsibility of every team member to read and understand this policy, and to conduct their activities accordingly.
+Effective security is a team effort involving the participation and support of every Fleet Device Management Inc employee or contractor who deals with information and/or information systems. It is the responsibility of every team member to read and understand this policy and conduct their activities accordingly.
 
 ### Acceptable Use of End-user Computing
 *Created from [JupiterOne/security-policy-templates](https://github.com/JupiterOne/security-policy-templates). [CC BY-SA 4 license](https://creativecommons.org/licenses/by-sa/4.0/)*
@@ -15,11 +15,11 @@ Effective security is a team effort involving the participation and support of e
 | -------------- | -------------- |
 | @GuillaumeRoss | 2022-06-01     |
 
-Fleet requires all workforce members to comply with the following acceptable use requirements and procedures, such that:
+Fleet requires all workforce members to comply with the following acceptable use requirements and procedures, such as:
 
-1. Use of Fleet computing systems is subject to monitoring by Fleet IT and/or Security teams.
+1. The use of Fleet computing systems is subject to monitoring by Fleet IT and/or Security teams.
 
-2. Fleet team members must not leave computing devices (including laptops and smart devices) used for business purpose, including company-provided and BYOD devices, unattended in public.
+2. Fleet team members must not leave computing devices (including laptops and smart devices) used for business purposes, including company-provided and BYOD devices, unattended in public.
 
 3. Device encryption must be enabled for all mobile devices accessing company data, such as whole-disk encryption for all laptops.
 
@@ -27,17 +27,17 @@ Fleet requires all workforce members to comply with the following acceptable use
 
 5. Avoid sharing credentials. Secrets must be stored safely, using features such as GitHub secrets. For accounts and other sensitive data that need to be shared, use the company-provided password manager.
 
-6. At Fleet, we are public by default. Sensitive information from logs, screenshots or other types of data (memory dumps for example), must be sanitized to remove any sensitive or confidential information prior to posting.
+6. At Fleet, we are public by default. Sensitive information from logs, screenshots, or other types of data (memory dumps, for example), must be sanitized to remove any sensitive or confidential information prior to posting.
 
 7. Anti-malware or equivalent protection and monitoring must be installed and enabled on all endpoint systems that may be affected by malware, including workstations, laptops and servers.
 
-8. It is strictly forbidden to download or store any secrets used to sign Orbit installer updates on end-user computing devices, including laptops, workstations and mobile devices.
+8. It is strictly forbidden to download or store any secrets used to sign Orbit installer updates on end-user computing devices, including laptops, workstations, and mobile devices.
 
-9. Only company owned and managed computers are allowed to connect directly to Fleet auto updater production environments.
+9. Only company-owned and managed computers are allowed to connect directly to Fleet autoupdater production environments.
 
-10. Fleet team members must not let anyone else use Fleet provided and managed workstations unsupervised, including family members and support personnel of vendors. Use screen sharing instead of allowing them to access your system directly.
+10. Fleet team members must not let anyone else use Fleet-provided and managed workstations unsupervised, including family members and support personnel of vendors. Use screen sharing instead of allowing them to access your system directly.
 
-11. Device operating system must be kept up to date. Fleet managed systems will receive prompts for updates to be installed, and BYOD devices are to be updated by the team member using it, or might lose access. 
+11. Device's operating system must be kept up to date. Fleet-managed systems will receive prompts for updates to be installed, and BYOD devices are to be updated by the team member using it or they might lose access. 
 
 12. Team members must not store sensitive data on portable storage.