Internet, e-Mail, Social Networking
Mobile Device, Electronic Communications, and Record Retention Policy
Organizations that have or want to establish a companywide telecommuting program should establish a formal, written telecommuting policy document that is regularly reviewed and updated by IT, human resources, legal, and finance. This ensures that managers and the corporate services and technical support groups within the organization are aware of their respective roles and responsibilities for enabling and supporting telecommuting. It also helps ensure that telecommuting employees know their own responsibilities, along with the company and approved third-party applications and support services available outside company facilities.
Telecommuting Threats
Today’s email threats are far more dangerous than yesterday’s. On the inbound side, blended email and web attacks masterminded by profit-seeking criminals are now the norm. Spam is no longer about selling, it’s about stealing. Attacks are targeted and fast moving. The perpetrators are more sinister, organized, and sophisticated. Orchestrated botnet armies strike globally and quickly go dormant. Harmful payloads morph continuously to evade signature-based defenses, and are more often delivered through an embedded web link rather than a direct file attachment. Every malicious email that penetrates the perimeter carries dramatically more risk than ever before.
Over 50% of all companies do not have policies for the appropriate use of the Internet. The problem now is that when you tweet or post to a blog information that might be sensitive, thousands of people can see it immediately, and then thousands more can see it as it is forwarded on to others. The ramifications of making a mistake, of putting things on those sites that should not be there, are even greater than they used to be.

This policy is compliant with all recent legislation (SOX, HIPAA, the Patriot Act) and with sensitive-information handling requirements, and covers:
- Appropriate Use of Equipment
- Social Networks
- Mobile Devices
- Internet Access
- Electronic Mail
- Retention of Email on Personal Systems
- E-mail and Business Records Retention
- Copyrighted Materials
- Banned Activities
- Ownership of Information
- Security
- Sarbanes-Oxley
- Abuse
Included with the policy are forms that can be used to facilitate its implementation. These ready-to-use forms are included:
- Internet & Electronic Communication Employee Acknowledgement
- E-Mail - Employee Acknowledgement
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
The Word template uses the latest CSS style sheet and can easily be modified to conform to the style used in your enterprise policy manual.
Other Individual Policies
All of the policies provided here are contained within one or more of the templates on this site. These policies have been added as individual documents in Word format (Word 2003 and Word 2007) for those clients who need only this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.
Outsourcing Policy
Outsourcing Policy - This policy is eighteen pages in length and defines everything that is needed for a function to be outsourced. The policy comes as a Microsoft Word document that can be modified as needed. The template has been updated to include a HIPAA audit program definition and covers:
- Outsourcing Management Standard
- Service Level Agreement
- Responsibility
- Outsourcing Policy
- Policy Statement
- Goal
- Approval Standard
- Base Case
- Responsibilities
Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.
Sensitive Information Policy
Includes HIPAA Audit Program Guide and a PCI Audit Program
This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 29 pages in length and complies with Sarbanes-Oxley Section 404, ISO 27000 (17799), and HIPAA. The PCI Audit Program that is included is an additional 50 plus pages in length.
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
The HIPAA Audit Program Guide provides you with a checklist of the must be implemented items which HIPAA mandates.
Backup and Backup Retention Policy
IT organizations of all sizes contend with a growing data footprint: more data to manage, protect and preserve for longer periods of time. Online primary storage has a focus on fast, low-latency, reliable access to data, while near-line secondary storage has a focus on low cost and high capacity. Long-term data retention requires a combination of ultra-low cost, good performance during storage and retrieval, and a reduced footprint in terms of power, cooling, floor-space and economics (PCFE), also known as a small green footprint, for inactive data.
Factors that CIOs and IT professionals need to consider for data retention include:
- Business and regulatory requirements – regulatory compliance and data preservation
- Economic and budgetary concerns – doing more with less
- Data loss prevention and information protection – protect, preserve and serve
- Environmental and business sustainment – green and economically efficient
- Maximize IT resource effectiveness and return on investment (ROI)
- Reduce total cost ownership (TCO) of IT resources and service delivery
The Backup and Backup Retention policy is an 11-page sample policy that is complete and can be implemented immediately.
The document is provided in both Word 2003 and Word 2007 format and is easily modified. This policy is included in the Disaster Recovery / Business Continuity Template.
Below is a table from the policy:

| Type of Data | Minimal Backup Policy | Backup Retention Policy |
| --- | --- | --- |
| System software | Latest version plus patches | Annual (verified) backup |
| Application software | Latest version plus patches | Annual (verified) backup |
| System data | Daily | Annual (verified) backup |
| Application data | Daily, with real-time transaction files | Annual (verified) backup |
| Software licenses, encryption keys, and protocol data | Weekly | Annual (verified) backup |
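The retention column above requires a "verified" annual backup. Verification means more than confirming that the archive opens: every file must be present with the contents that were backed up, and an attacker (or ransomware) that rewrites both the data and its checksum list must still be caught. The following is an added example, not part of the policy or of any Janco document, showing one way to do that: a SHA-256 manifest is stored inside the archive, and the manifest is authenticated with an HMAC whose key is held by the operator and never written to the backup medium. The archive format (gzip tar), the manifest member name `MANIFEST.json`, the sample files and the key are all assumptions constructed for the example.

```python
"""Verified backup: SHA-256 manifest inside the archive, HMAC over the manifest
with a key kept off the backup media. Added example, not from the policy."""
import hashlib
import hmac
import io
import json
import tarfile

MANIFEST_NAME = "MANIFEST.json"  # assumed member name; any fixed name works


def build_manifest(files: dict) -> dict:
    """Map each file name to the SHA-256 hex digest of its contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON form of the manifest.
    The key stays with the operator and is never placed in the archive,
    so rewriting the manifest to match tampered files does not help."""
    canonical = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def _add(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def make_backup(files: dict, manifest: dict) -> bytes:
    """Write the files plus the manifest into a gzip-compressed tar in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            _add(tar, name, data)
        _add(tar, MANIFEST_NAME, json.dumps(manifest, sort_keys=True).encode())
    return buf.getvalue()


def verify_backup(archive: bytes, key: bytes, expected_tag: str) -> tuple:
    """Return (ok, problems). ok is True only when the manifest's HMAC checks
    out under `key` and every listed file is present with a matching digest.
    Files in the archive but not in the manifest are reported as unexpected."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        if MANIFEST_NAME not in members:
            return False, ["manifest missing"]
        manifest = json.loads(tar.extractfile(members[MANIFEST_NAME]).read())
        # Authenticate the manifest before trusting any digest in it.
        if not hmac.compare_digest(sign_manifest(manifest, key), expected_tag):
            return False, ["manifest HMAC mismatch: manifest altered or wrong key"]
        for name, digest in manifest.items():
            if name not in members:
                problems.append(f"missing: {name}")
                continue
            actual = hashlib.sha256(tar.extractfile(members[name]).read()).hexdigest()
            if actual != digest:
                problems.append(f"corrupt: {name}")
        for name in sorted(set(members) - set(manifest) - {MANIFEST_NAME}):
            problems.append(f"unexpected: {name}")
    return not problems, problems


# Constructed sample data for the example; not taken from any real system.
SAMPLE_FILES = {
    "etc/app.conf": b"db_host=10.0.0.5\n",
    "data/ledger.db": b"\x00" * 128 + b"TXN-0001",
}
SAMPLE_KEY = b"operator-held-key-kept-off-the-backup-media"  # assumption

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES)
    tag = sign_manifest(manifest, SAMPLE_KEY)   # record the tag with the key, not the tape
    archive = make_backup(SAMPLE_FILES, manifest)
    print(verify_backup(archive, SAMPLE_KEY, tag))
```

The HMAC tag and key belong in the same place as the encryption keys the table already schedules for weekly backup: held separately from the media they protect. Verification with the wrong key, or against a manifest that was regenerated after tampering, fails before any per-file digest is consulted.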
Travel and Off-Site Meeting Policy
Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is seven (7) pages in length and covers:
- Laptop and PDA Security
- Wireless and Virtual Private Networks (VPN)
- Data and Application Security
- Public Shared Resources
- Minimizing attention
- Off-Site Meetings
- Remote Computing Best Practices
This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO. The policy comes as both a Word file and a PDF file utilizing a standard CSS style sheet.
IT Policies and Procedures News
Obama administration to ask for more 1984 Big Brother powers
Everyone knows that police can peek inside an email account if they have a paper search warrant.
But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.
A federal task force (soon to be released) study says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network."
The study also says: "89 percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data."
But the most controversial element is probably the private Web interface, which raises novel security and privacy concerns, especially in the wake of a recent inspector general's report from the Justice Department. The 289-page report detailed how the FBI obtained Americans' telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.
Outsourcing continues
U.S. defense contractors growing use of offshore (outsource) subsidiaries from 2003 to 2008 allowed the Defense Department to save money on contracts but also resulted in the loss of U.S. tax revenue and unemployment benefits for some U.S. workers, according to a new report from the Government Accountability Office.
Practical Guide for IT Outsourcing a HandiGuide
The 29 largest publicly traded defense contractors increased their use of offshore subsidiaries by 26 percent from 2003 to 2008, the report states.
Those subsidiaries helped the contractors reduce taxes, in part by avoiding Social Security and Medicare payroll taxes for U.S. workers hired at the foreign subsidiaries, GAO auditors said.
About a third of the contractors also decreased their effective U.S. corporate tax rates in 2008 in part through the use of foreign affiliates, lower foreign tax rates and indefinite reinvestment of foreign income outside the United States.
Almost 200,000 jobs lost in IT during this recession
Job cuts in technology were fierce in 2009, but 2010 is expected to see modest growth in a number of subsectors. The last time layoffs were this bad was in 2005.
Last year saw 174,629 jobs lost in the sector, up 12.3 percent from the 2008 cuts of 155,570 jobs, according to an outplacement company which tracks industry numbers on announced layoffs. Technology, still considered by the Department of Labor to be one of the most promising industries for future job creation, has not seen that many layoffs since 2005.
The worst of the downsizing occurred in the first quarter, which is when the overall economy hit rock bottom. The recession's impact on the tech sector was inescapable.
The technology-focused blog TechCrunch developed its own "layoff tracker" Web application, which has been documenting layoffs in the sector since October 2008. For comparison, as of its last update in November 2009, TechCrunch had reported a total of 350,299 employees laid off - roughly 20,000 more, but certainly in the same ballpark.
The tech sector accounted for about 13.2 percent of the total 1.3 million announced job cuts in the United States in 2009, said Challenger, Gray & Christmas. By subsector, electronics fared the worst with 65,000 jobs cut - up 55 percent from 2008 - while telecommunications lost 9.4 percent fewer jobs in 2009. The computer industry was unchanged.
It's going to be a slow climb out of this recession, but computer and electronics firms should be among the first to see the turnaround, as companies try to postpone hiring by achieving productivity gains through technology. Even with the economy showing some nascent signs of recovery beginning the second half of the year, many companies are holding off on investments in new technology. And, with it still [being] difficult for small businesses and startups to obtain loans, there are few opportunities for tech firms to expand their customer base.
Despite the potential for improved hiring in the new year, there are a lot of people competing for every opening, and many employers are very particular about what skills and experience they want new workers to have. It is critical that technology workers continually update their skills in order to remain competitive. It is necessary to maintain a balance between having specialized skills and having the flexibility of a generalist. It may also be necessary to expand one's search to more industries or to other geographic areas.
We'll see a radically transforming marketplace - driven by surging demand in emerging markets, growing impact from the cloud services model, an explosion of mobile devices and applications, and the continuing rollout of higher-speed networks. These transformational forces will drive key players to redefine themselves and their offerings and will spark lots of M&A activity.
IT Job Descriptions HandiGuide 2010 Version Released by Janco
The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® were updated in 2010. The HandiGuide contains over 650 pages, including sample organization charts, a job progression matrix, over 231 job descriptions, best practices for resume screening and best practices for phone screening.
The author of this book has extensive experience in job content definition and analysis. He personally is recognized by the courts as an "expert" and has been used by a number of firms as an expert in age and job discrimination cases. The HandiGuide includes some of the tools that he uses in that process.
The book also addresses the Fair Labor Standards Act and the ADA, and is in a new, easier-to-read format. Each job description meets ADA standards and is delivered in electronic format: Word, which is editable, and PDF, which is print-ready. Also included are tools to help you expand, evaluate and define your enterprise's unique additional requirements. Those tools include:
- Job Evaluation Questionnaire
- Position Description Questionnaire
- Job Progression Matrix (Job Family Classifications)
- Best Practices for
- Screening Resumes
- Phone Screening
- Hiring employees
- Motivating employees
- Mandated Requirements
- Americans with Disabilities Act (ADA)
- Health and Safety Requirements (Federal and State)
- Fair Labor Standards Act
- Sexual Harassment
- Other Labor Laws
Google leaks sensitive business data in error
It was reported in Computerworld that Google apologized after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service.
The company's Local Business Center allows businesses to create a listing for Google's search engine and Maps application, as well as add videos, coupons or photos.
Google then provides data on how customers found the listing, showing search terms people used before clicking the listing and other data such as the geographic location of someone who looked up driving directions to the business.
Google sends reports to those who are signed up. Early last week, Google sent the reports to third parties by mistake. The mistake affected several thousand of the more than one million businesses registered with Local Business Center.
"Shortly after sending the newsletter to a portion of our users last night, we discovered that some e-mails included statistics for the wrong business," Google said in a written statement. "We promptly stopped sending any further e-mails and investigated the cause, which we found to be a human error while pulling together the newsletter content. We'd like to apologize to all the business owners impacted and assure them that we're fixing the process that led to this mistake."
People who received the data then began to publicize the incident, realizing the privacy implications. Chicago-based Internet consultant David Dalka wrote on his blog that he received information regarding the listing for Boscos, a restaurant in Tennessee that brews its own beer.
Massachusetts information security requirements
As of January 1, 2010, all organizations with operations and/or customers in the state of Massachusetts are required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices, and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software. Read this whitepaper to learn how your organization can meet the necessary requirements and improve its security practices.
Personal and Professional Bonuses Cut by Most Enterprises
Fringe benefits are cut by most enterprises. Health insurance is the only benefit that has remained.
Companies have started to cut back on the fringe benefits provided to IT Professionals. For example in January of 2008 95% of IT professionals had health insurance supplied by their employers while in June 2009 only 88% did. A full historical comparison of trends in benefits is included with the full version of the Janco IT Salary Survey.
User Departments Often Drive IT Infrastructure Excesses
Often a departmental business manager submits a request to the IT organization for a new server to host a critical business-intelligence application. The request itself is unremarkable; after all, it is common for a business unit to ask IT to deploy additional hardware infrastructure to support their application requirements.
However, the company may have multiple similar requests in queue, and all include a request for storage arrays dedicated to the applications being added. All too often, the reflex is to request dedicated servers and storage for new applications, and some CIOs and IT departments accommodate such requests to a fault. At times, this addition of processing and storage capacity occurs without adequate understanding of whether unused capacity is already available. It also fails to recognize that each new addition of servers and storage adds to the complexity of the IT infrastructure.
Will Google violate your privacy in the future?
Google Goggles could violate your privacy without your knowing it. Goggles lets you send photos of a business card, book cover or even a bar code from your Android-based smartphone to Google for quick identification and data manipulation. If that software is extended to include photos of people, your personal privacy could be impacted.
The way it works is that you snap a photo by centering your image in the Goggles screen and pressing a small camera icon at the bottom of the screen. Goggles then scans the image, analyzes it and identifies it. If the image is of a business card, Goggles separates the information into fields and lets you put it into your Google Contacts database. If it's a book, the app offers to let you purchase or research it. If it's a store or a landmark, Goggles fetches Google search info about the location. (Objects such as cars, animals or people aren't, according to the instructions, really identifiable yet.)
Imagine pointing your smartphone at anything, clicking a button and having all the information about that object immediately appear.
Smartphones - new security risks
As the iPhone, BlackBerry, and other devices have become more popular, harmful software such as viruses and spyware is emerging to exploit their vulnerabilities. Cheaters beware: in late October, an Indonesian developer released mobile-phone software that can help someone eavesdrop on your conversations.
A distrusting partner or spouse can secretly download the free application, called PhoneSnoop, onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device. PhoneSnoop, downloaded more than 2,000 times since its release, is one of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. FlexiSPY similarly can be downloaded onto Research In Motion's BlackBerry or the Apple iPhone.
Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity. The smartphone security threat "is imminent," says a principal analyst at consultant Infonetics Research.