Archive for December, 2009

Email Security Policy

December 9, 2009 Comments off

Email Security
Source: smartertools.com

One of the first things you should put in an email security policy is a statement telling your employees that their work email is not private. Even if you don’t actually check the emails, this will save you a lot of grief if legal action needs to be taken and important information is contained in their emails. If you don’t do this, you won’t be able to get that information legally. Also decide whether employees should be able to use their company email addresses for personal use.

According to Nolo, your email policy should address these issues:

  • Personal use of the email system. Explain whether employees can use email for personal messages. If you place any restrictions on personal messages (for example, that employees can send them only during nonwork hours, must exercise discretion as to the number and type of messages sent, or may not send personal messages with large attachments), describe those rules.
  • Monitoring. Reserve your right to monitor employee email messages at any time. Explain that any messages employees send using company equipment are not private, even if the employee considers them to be personal. If you will monitor regularly using a particular system — for example, a system that flags key words or copies every draft of a message — explain it briefly. This will help deter employees from sending offensive messages in the first place.
  • Rules. Make clear that all of your workplace policies and rules — such as rules against harassment, discrimination, violence, solicitation, and theft of trade secrets — apply to employee use of the email system. Remind employees that all email messages sent on company equipment should be professional and appropriate. Some employers also include so-called netiquette rules — style guidelines for email writing.
  • Deleting email. Establish a regular schedule for purging email messages. If you don’t, you will eventually run into a storage problem. Let your employees know how they can save important messages from the purge.

(Nolo, 2009)

Tittel’s (2003) research has found the following:

It’s particularly important that employees understand that e-mail is an inherently insecure communications tool, and that confidentiality breaches are possible (if not likely) unless special steps are taken to protect proprietary information, trade secrets and other sensitive information. Thus, e-mail policy needs to state if (and how, where applicable) e-mail may be used to transmit such information (usually only if strong encryption technologies are available and used). (Para. 3)

References

Email Security (2004) Email Security (image). Retrieved from

Nolo (2009) Email Security Policy: Why You Need One for Your Employees. Retrieved from

http://www.nolo.com/legal-encyclopedia/article-29771.html

Tittel (2003) The security policy document library: E-mail policy. Retrieved from

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci912509,00.html


Categories: Policy and Procedures

What is the function of a biochip?

December 9, 2009 Comments off

A biochip is a technology chip that can perform a variety of physiological functions when inserted into the human body. Biochips have been proven in some cases to block pain for people who suffer severe spinal injuries, help paralyzed people regain some portion of their motor skills, and help partially blind people see well.

Due to the rapid development of biochips and biological condition detection technologies, changes in someone’s biological condition can be monitored by a biochip attached to the body surface or embedded inside the body and used to determine whether he or she is ill. The person can then quickly find out what is wrong with his or her body. There has been much progress in the study of biotech and great development of biochips.

Today’s biochip implant is basically a small computer chip, inserted under the skin, for identification purposes. The biochip implant system has two components: a transponder and a reader or scanner. The transponder is the actual biochip implant. The biochip system is a radio frequency identification (RFID) system, using low-frequency radio signals to communicate between the biochip and the reader. The reading range, or activation range, between reader and biochip is small, normally between 2 and 12 inches. Because the passive biochip contains no battery and nothing to wear out, it has a very long life, up to 99 years, and needs no maintenance. Being passive, it is inactive until the reader activates it by sending it a low-power electrical charge. The reader “reads” or “scans” the implanted biochip and receives back data (in this case an identification number) from the biochip.

The biochip transponder consists of four parts: computer microchip, antenna coil, capacitor and the glass capsule.

[Image: perspective of the actual size]

The biochip scanning device for a portable electronic product at least comprises a signal scanning module, a signal processing module and a data processing module; the signal scanning module scanning and reading a first signal of a biochip disposed on a surface or under a skin or inside a body, the signal processing module receiving and processing the first signal and sending a second signal to the data processing module for obtaining a third signal; the third signal driving the portable electronic product to provide display, alert, storage and remote transmission functions; the biochip scanning device facilitating and simplifying processing of an output signal of the biochip disposed on a surface or under a skin or inside a body, besides, the biochip scanning device enhancing the functionality of the portable electronic product.

Shen, E. (2007, August 2). Biochip scanning device for portable electronic products. Free Patents Online: All Inventions of Mankind. Retrieved from http://www.freepatentsonline.com/y2007/0179348.html

Watkins, T. (1999). Is the Biochip the mark of the beast? Dial-the-Truth Ministries. Retrieved from http://www.av1611.org/666/biochip.html

Categories: Uncategorized

VPN Policy IS-181

December 2, 2009 Comments off

VPN Policy Manager

The intelligence and power behind the Networks VPN service derive from the VPN Policy Manager. The Positive VPN Policy Manager provides the administrator interface that maintains and enforces security policies for all groups and individual users. It is available from an ordinary web browser with a secure login. “For an IPsec/VPN policy, it can enforce the following three possible actions: deny, allow, IPSec-actions (these can include ESP – Encapsulating Security Payload, AH – Authentication Header, tunnel mode or transportation mode etc…)” (Yanyan, Y., Martel, C., Fu, Z., & Wu, S., 2006).

Within the Positive system, it is possible to centrally manage Policies, Configuration Settings and Actions for each user. The Policy Manager tells the Positive VPN Client or WebTop which registry keys, files and processes to monitor and manage.

Policies typically are security-related and allow each company to enforce its own security settings on the remote environment. For example, the company can require that the remote PC must be running a firewall with a particular rule set before access to the corporate LAN is allowed. Similarly, it can require that the remote PCs do not permit their drives to be shared while signed onto the system. We have built an engine that permits hundreds of Policies to be pushed to each user, so that the company has maximum flexibility in creating user environments that fit its business needs. (Salamone, 2000).

References

Salamone. (2000). New tools centralize, enforce VPN policies. InternetWeek, (797), 8. Retrieved from Academic Search Premier database.

Yanyan, Y., Martel, C., Fu, Z., & Wu, S. (2006). IPsec/VPN security policy correctness and assurance. Journal of High Speed Networks, 15(3), 275-289. Retrieved from Academic Search Premier database.

Categories: Uncategorized

The Best Form of Personal Identification IS-240

December 2, 2009 Comments off

The Best Form of Personal Identification

There are several forms of identification; which one fits best depends on the circumstances and what you expect from it. ID cards, DNA and biometrics are a few ways to identify who you are. Several companies and governments have been adopting biometric technology and other identification methods.

The best forms of security for personal identification are based on three factors:

  1. What you know, for example the PIN code of a credit or debit card.
  2. What you have, for example the physical possession of the card.
  3. Who you are, for example your personal information matching the data retrieved from their database.

But each of these three forms can be tricked in order to deceive the system. That is the main reason to increase the security level. The best form of personal identification is not based on one security step; it is the combination of different procedures in order to create business intelligence. It is normal to perform an ATM bank transaction using a card and a PIN. Right now banks are pushing this forward by adding a third level of personal identification security using biometric technology: after you provide all the typical information, the system also requires an iris scan.

There are different levels of personal identification security, from passwords to biometric security procedures such as iris scans, fingerprints and facial recognition. Over time, integrating biometric processing, even with DNA identification, will be as common as using a credit card to make a payment (Santoro, V., Lozito, P., Mastrorocco, N., De Donno, A., & Introna, F., 2009).

References

(2009). Biometrics, in security and personal identification. Columbia Electronic Encyclopedia, 6th Edition, 1. Retrieved from Academic Search Premier database.

Santoro, V., Lozito, P., Mastrorocco, N., De Donno, A., & Introna, F. (2009). Personal Identification by Morphometric Analyses of Intra-Oral Radiographs of Unrestored Teeth. Journal of Forensic Sciences (Blackwell Publishing Limited), 54(5), 1081-1084. doi:10.1111/j.1556-4029.2009.01106.x.

Categories: Uncategorized

Threat Identification

December 2, 2009 1 comment

Threat analysis or identification is “Systematic detection, identification, and evaluation of areas or spots of vulnerability of a facility, operation, or system” (Threat analysis, 2009). It is used to help a company assess all possible threats to its assets and use that assessment in a threat model.

A common threat model is the “attack tree”, which “represent attacks against a system in a tree structure, with the goal as the root node and different ways of achieving that goal as leaf nodes” (Schneier, 1999). The overall goal of threat identification and threat modeling is to supply the company with the information it needs on all possible routes of attack, so that it can better understand and quickly assess the “who”, “what” and “why” of any attack.
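The attack tree structure described above can be evaluated mechanically. The following Python sketch is an added example, not taken from the cited sources: the safe-opening tree, the node names and the cost figures are all constructed for illustration. It finds the cheapest open route to the root goal and the single leaf whose mitigation raises that cost the most.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Route = Optional[Tuple[float, List[str]]]  # (total cost, leaves used); None = blocked

@dataclass
class Node:
    name: str
    kind: str = "LEAF"       # "LEAF", "OR" (any child works) or "AND" (all children needed)
    cost: float = 0.0        # analyst's estimate of attacker effort (leaves only)
    mitigated: bool = False  # True once a control closes this leaf
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node) -> Route:
    """Cheapest still-open route to `node`, or None when every route is blocked."""
    if node.kind == "LEAF":
        return None if node.mitigated else (node.cost, [node.name])
    routes = [cheapest(c) for c in node.children]
    if node.kind == "AND":  # one blocked child blocks the whole branch
        if not routes or None in routes:
            return None
        return sum(r[0] for r in routes), [n for r in routes for n in r[1]]
    if node.kind == "OR":
        open_routes = [r for r in routes if r is not None]
        return min(open_routes, key=lambda r: r[0]) if open_routes else None
    raise ValueError(f"unknown node kind {node.kind!r} on {node.name!r}")

def leaves(node: Node):
    if node.kind == "LEAF":
        yield node
    for child in node.children:
        yield from leaves(child)

def best_control(root: Node) -> Optional[Tuple[str, float]]:
    """Leaf whose mitigation raises the attacker's cheapest cost the most."""
    best = None
    for leaf in leaves(root):
        if leaf.mitigated:
            continue
        leaf.mitigated = True          # try the control, then undo it
        route = cheapest(root)
        leaf.mitigated = False
        new_cost = float("inf") if route is None else route[0]
        if best is None or new_cost > best[1]:
            best = (leaf.name, new_cost)
    return best

def sample_tree() -> Node:
    """Constructed tree: goal at the root, ways of achieving it as leaves."""
    eavesdrop = Node("Eavesdrop", "AND", children=[
        Node("Listen to conversation", cost=20),
        Node("Get owner to state combination", cost=40)])
    learn = Node("Learn combination", "OR", children=[
        Node("Find written combination", cost=75), eavesdrop])
    return Node("Open safe", "OR", children=[
        Node("Pick lock", cost=30), learn, Node("Cut open safe", cost=10)])
```

Re-running `best_control` after each mitigation gives an ordered list of which controls to fund first.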

Wikipedia.org

References

Schneier, B. (1999). Modeling security threats. Dr. Dobb’s Journal.

Threat Analysis. (2009). In BusinessDictionary.com. Retrieved Dec 1, 2009 from http://www.businessdictionary.com/definition/threat-analysis.html

Categories: Policy and Procedures

Password Management Policies

December 2, 2009 Comments off

Companies should create a password management policy and strongly encourage employees to adhere to it. This policy may have instructions that range from the number and type of characters required to a rule that passwords not contain any sensitive information.

Because creating and remembering strong passwords under a password policy can become troublesome for many employees, password management software has become a great tool for helping IT technicians (online, paragraph 2). Password synchronization also offers a solution for users who have many applications with different password requirements: they memorize one password, which allows access once the employee is logged on to the system (online, paragraph 1).

References

Password Auditing Software. (2004). Retrieved December 02, 2009 at WindowsITPro.org website. http://windowsitpro.com/article/articleid/43483/password-auditing-software.htm

Password Synchronization. (2007). Retrieved December 02, 2009 at WindowsITPro.org website. http://windowsitpro.com/article/articleid/96220/password-synchronization.html

Categories: Policy and Procedures

APA Style

December 2, 2009 Comments off

Here are a few links to help with APA style:

Sample paper.
Purdue University

Categories: Uncategorized

A Few Words About Privacy Policies

December 2, 2009 Comments off

Most of us are familiar with privacy policies.  The definition that I found in an online dictionary says a privacy policy is a “statement that declares a firm’s or website’s policy on collecting and releasing information about a visitor.  It usually declares what specific information is collected and whether it is kept confidential or shared with or sold to other firms, researchers or sellers” (businessdictionary.com, 2009).

I found an interesting website that allows you to create your own privacy policy. The URL is http://www.dmaresponsibility.org/PPG/. Fill in all the fields as they apply to your business and the website will generate a policy for you.

Categories: Uncategorized

Oral Presentations (beta)

December 2, 2009 Comments off

To help me discuss Oral Presentations, I will be drawing information from an article called “The 10 Biggest Traps to Avoid When You Speak”.  They are:

  1. Unclear thinking:  trying to cover too many topics
  2. No clear structure:  if you ramble or never get to the point, your listeners will tune out
  3. No memorable stories:  listeners recall mental images that your words inspire better than the words themselves
  4. No emotional connection:  The emotional connection comes from engaging the listeners’ imaginations
  5. Wrong level of abstraction:  use the right kind of focus with the right groups, specifics or generalities
  6. No pauses:  good communication contains changes of pace, pauses, and full rests
  7. Irritating nonwords: eliminate words such as “OK” or “Now!” from your thought transitions
  8. Stepping on your punch words:  don’t ruin the effect of your power statements with words added on the end
  9. Misusing technology:  use visual aids to enhance your presentation, not as a crutch nor hindrance
  10. Not having a strong opening and closing:  Engage your audience with a great opening, and deliver a dynamic closing.  Never close by taking questions; instead, take them as you go along. (Fripp, 2009)

Categories: Uncategorized

SaaS

December 2, 2009 Comments off

How will software as a service impact organizations?

Software as a service is a somewhat new business tool that is changing the software industry rapidly and increasingly. Renting software instead of owning it has many advantages. For example, you do not need to install all the applications that come with the software on your computer, which saves you space and gives you a high level of customization. With little to invest and maintain, the SaaS model is one of the best options for a company that is new to doing business on the web.

We believe that SaaS is going to have a major impact on the software industry, because software as a service will change the way people build, sell, buy, and use software. Hotmail is a good example that comes to mind when you think about SaaS; it meets all of the basic criteria: a vendor hosts all of the program logic and data, and provides end users with access to this data over the public Internet, through a Web-based user interface (Frederick Chong and Gianpaolo Carraro, Microsoft Corporation, April 2006, Para 1).

Another example is Ford. When their cars are out of warranty and the vehicle needs an upgrade, they charge about $50 to $95 to install an upgrade on the car’s computer and fix any issue that the car may have; in other words, they are providing software as a service on an as-needed basis. If they could offer this upgrade online for a lower rate, it would simplify the process, improve customer trust in the brand, and drive more customers to the dealers to buy cars and to get help from professionals to fix their cars. Other examples are MyCompLab, Blackboard, AVG backup, Facebook, and Oracle.

With the software-as-a-product model providing the context for the software market, the idea of software as a service can feel somewhat alien: instead of “owning” important software outright, customers are told, they can pay for a subscription to software running on someone else’s servers, software that goes away if they stop subscribing. It is therefore especially important that the prospective customer understand how SaaS provides a direct and quantifiable economic benefit over the traditional model (Frederick Chong and Gianpaolo Carraro, Microsoft Corporation, April 2006, Para 21).

With this, organizations can take advantage of SaaS and offer inexpensive alternatives to customers, opening a wide market opportunity. Using this model will provide more effective ways to reach users, offering a unique, affordable product that is ready to fit each user’s needs.

Picture from Building Distributed Applications.

In a decentralized authentication system, the tenant deploys a federation service that interfaces with the tenant’s own user directory service. When an end user attempts to access the application, the federation service authenticates the user locally and issues a security token, which the SaaS provider’s authentication system accepts and allows the user to access the application (Frederick Chong and Gianpaolo Carraro, Microsoft Corporation, April 2006, Para 26).
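The token exchange described above, as an added Python example that is not from the cited article. Tenant names, keys, the claim layout and the function names are constructed, and an HMAC with a per-tenant key stands in (as an assumption, to stay within the standard library) for the asymmetric signature a real federation service would use.

```python
import base64, hashlib, hmac, json, time

# Constructed trust table on the SaaS provider side: tenant id -> key registered
# when that tenant set up federation. Keys are demo values only.
TENANT_KEYS = {"tenant-a": b"constructed-key-a", "tenant-b": b"constructed-key-b"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(tenant, user, key, audience, ttl=300, now=None):
    """Tenant side: the federation service has authenticated `user` locally."""
    now = time.time() if now is None else now
    claims = {"iss": tenant, "sub": user, "aud": audience, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def accept_token(token, audience, now=None):
    """Provider side: return (tenant, user) or raise ValueError with the reason."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
        issuer = claims["iss"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # The issuer claim only selects which key to check; it is not trusted
    # until the signature verifies under that tenant's registered key.
    key = TENANT_KEYS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:        # token minted for another application
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return issuer, claims.get("sub")
```

The provider never sees the user's password; what it has to get right is the per-tenant key lookup, the audience check and the expiry check.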

Reference list:

Chong, F., & Carraro, G. (2006, April). Architecture Strategies for Catching the Long Tail. Building Distributed Applications. Microsoft Corporation. Retrieved from http://msdn.microsoft.com/en-us/library/aa479069.aspx

Categories: Uncategorized