Discussion on:
View:
Show:
I Shubhashish sharma, a new for all. I am a software/web developer, want to discuss in the topic hacking.
You can do a search for hacking in the Discussions http://techrepublic.com.com/5234-6230-0.html?rankBy=9&numResults=20&select=in+Discussion+Center&q=hacking. If there are none of interest, you can start your own Discussion.
My apologies for adding to the topic and being off-topic!
My apologies for adding to the topic and being off-topic!
A acceptable use also needs to reflect the culture you are going for and its risks / rewards. Except for a very few rare cases, most places recieve more benefit from users home computers vs the amount of 'productivety' lost for non-buisness use.
My place is now wanting to send w-2's electronically to the employees. We can check our work email from home. Then there are those who have VPN connections, etc. All these are using my home computer. I have had to tell vendors to use my home email a couple of times because the company email system was sick. How much "extra work" like if I come in on saturday to take care of something (I am salaried so no overtime/comp/etc). For example, if a daycare has webcams, do you let a parent check on their kid during the day? All these are reflective of the colture.
One oil company that locked down the business computers saw a total reduction impact. Yes, the computers were not being used for solataire during the lunch hour. But no longer were people doing as much "homework" either. Your work computer was for work - period. Side effect - the home computer was not used for work.
Managers are responcible for making sure the staff is productive. It does not matter if they are wasting time chatting at the coffee pot or playing games on the computer. It is not the IS staff role to usurp this.
Some of the elements in the article's AUP, no illegal, pornagraphic, etc. are good restrictions. But some postive comments in the AUP to reflect the sensitivity of the culture should be included. Such as "...the company values the contribution done by people from home. To help we have..."
My place is now wanting to send w-2's electronically to the employees. We can check our work email from home. Then there are those who have VPN connections, etc. All these are using my home computer. I have had to tell vendors to use my home email a couple of times because the company email system was sick. How much "extra work" like if I come in on saturday to take care of something (I am salaried so no overtime/comp/etc). For example, if a daycare has webcams, do you let a parent check on their kid during the day? All these are reflective of the colture.
One oil company that locked down the business computers saw a total reduction impact. Yes, the computers were not being used for solataire during the lunch hour. But no longer were people doing as much "homework" either. Your work computer was for work - period. Side effect - the home computer was not used for work.
Managers are responcible for making sure the staff is productive. It does not matter if they are wasting time chatting at the coffee pot or playing games on the computer. It is not the IS staff role to usurp this.
Some of the elements in the article's AUP, no illegal, pornagraphic, etc. are good restrictions. But some postive comments in the AUP to reflect the sensitivity of the culture should be included. Such as "...the company values the contribution done by people from home. To help we have..."
Company culture should always be considered, but for reasons of morale, team building and company productivity. That is common sense. I would rather be part of a company where everyone comes to work and puts in a productive Monday to Friday work week, leaving time for personal growth and family time away from the work place.
If a company can filter out all the unauthorized activity that goes on in the workplace, it would find such a jump in worker productivity that no work would probably have to be done from home. Without all the unauthorized downloads dumping malware on systems, they would have more stability and reliability, and relieve your IT staff of a lot of unnecessary time-wasting activity.
If your home computers have to serve as a backup for your enterprise then that is a sad situation, even recognizing that "stuff" happens from time to time.
A technology that enforces security policies inside the network does not have to "brick" the system to the point that no one can access anything from home.
A proper user/group centric access and control system with proper auditing can regulate everything in the network by authorized users whether they work from home or the other side of the globe.
If one reads "the Insider" by Dan Verton, he says that people, process and policy will help reduce data loss by improving employees lack of awareness of bad practices, etc., but will not stop a vengeful attacker on a mission triggered by an event such as being outsourced or a stressful event in his personal life. Even one disgruntled employee can bring a company to its knees, if it is not careful. Imagine being locked out of its own database, or its most valuable trade secret sold to a competitor in another country. Things like this happen often.
If a company can filter out all the unauthorized activity that goes on in the workplace, it would find such a jump in worker productivity that no work would probably have to be done from home. Without all the unauthorized downloads dumping malware on systems, they would have more stability and reliability, and relieve your IT staff of a lot of unnecessary time-wasting activity.
If your home computers have to serve as a backup for your enterprise then that is a sad situation, even recognizing that "stuff" happens from time to time.
A technology that enforces security policies inside the network does not have to "brick" the system to the point that no one can access anything from home.
A proper user/group centric access and control system with proper auditing can regulate everything in the network by authorized users whether they work from home or the other side of the globe.
If one reads "the Insider" by Dan Verton, he says that people, process and policy will help reduce data loss by improving employees lack of awareness of bad practices, etc., but will not stop a vengeful attacker on a mission triggered by an event such as being outsourced or a stressful event in his personal life. Even one disgruntled employee can bring a company to its knees, if it is not careful. Imagine being locked out of its own database, or its most valuable trade secret sold to a competitor in another country. Things like this happen often.
Companies need to do more than just put work policies in place - they need to institute solutions that enforce them. Even small businesses can use email security software that enforce best practices and will protect their email transmissions.
http://www.essentialsecurity.com/products.htm
http://www.essentialsecurity.com/products.htm
We believe that preparing good computer facility usage policies is important, how to enforce these policies is even more important.
So the following steps to ensure we can implement the policy effectively.
1. Communication
The policy needs to inform users frequently. This is about how to let users know what the policy is, remind them easily and regularly.
2. Procedures
There is procedure to carry out implementation including how to present the policy, how often to remind users about the policy and where the policy should be displayed.
3. Options
Users should have an opportunity to accept or reject the policy. Once they accept the policy, they will have obligation to follow the policy.
4. Consequences
Users should know the consequences for violation of the policies. Users actions should be logged including when the user read the policy and whether they have accepted or not. These evidences can be presented in a court if it is necessary.
Squares Solutions Company
www.edeclaration.info
So the following steps to ensure we can implement the policy effectively.
1. Communication
The policy needs to inform users frequently. This is about how to let users know what the policy is, remind them easily and regularly.
2. Procedures
There is procedure to carry out implementation including how to present the policy, how often to remind users about the policy and where the policy should be displayed.
3. Options
Users should have an opportunity to accept or reject the policy. Once they accept the policy, they will have obligation to follow the policy.
4. Consequences
Users should know the consequences for violation of the policies. Users actions should be logged including when the user read the policy and whether they have accepted or not. These evidences can be presented in a court if it is necessary.
Squares Solutions Company
www.edeclaration.info
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
