Trade space analysis is performed to ensure that the company’s resources are being utilized appropriately and effectively during operating hours. The abuse of technology in the workplace has exploded since the 1990s and as a result, stricter guidelines within the workplace have been required to ensure the appropriate use, confidentiality, as well as the protection of organizational data and trade secrets (SpectorSoft, 2013). According to SpectorSoft, “An Acceptable Use Policy (AUP) is written with the intent of identifying the permissible workplace uses of the company-supplied PCs, Macs, laptops, and mobile devices and the Internet. It also serves to let the employees know that all activity on those devices may be monitored in accordance with the law” (p. 2). However, there are other considerations for Acceptable Use Policies.
A Trade Space to utilizing an overzealous Acceptable Use Policy could result in reduced performance overall. Restrictions of social media, for example, could result in lack of encouragement for the employees to utilize these spaces to offer good public relations FOR the company as these sites are often utilized to facilitate marketing, event planning, as well as good public relations for the company’s reputation as approachable and something people want to associate with. Additionally, more and more people are beginning to utilize various social media sites as a means to hold meetings with others across the globe. What used to be determined as an internet tool for personal use, has become quite a pivotal player in the business world as well. Ensuring that guidelines pertaining to social media use should also specify applicable exceptions and protocol for use of such places. Additional factors may be for employees to remain independent from the company for their own personal profiles so that personal and professional do not become too interrelated to the detriment of either party.
Access Policy is where the organization’s resources access points are controlled by company policy and restrictions. In order for effective utilization of the resources that the company provides to individuals and organizations alike, clearer guidelines must be drawn to ensure protection for all parties. The dangers of abuse can be destructive to both the individual and the organization, so it behooves the organization to set very clear guidelines to ensure the organizational protection of information is not only supportive of their efforts but also in alignment with the legalities of the world we live in. Misuse can not only be destructive to a reputation, but it can also generate lawsuits, which are not desired by anyone. As such, adequate and thorough guidelines must be generated and enforced to ensure protections for employees and the organization alike. Writing a policy statement that clearly states the guidelines, procedures and ramifications for violation of the policy must be done and gone over with each individual employee to ensure comprehension and depth of understanding of the consequences are established (Lorette, 2013).
Other examples of access policy needs include company database and trade secret information. It is crucial that a firm policy is established to protect an organization from external threats or from employee violation of company policy. Some behaviors may be seemingly innocent, but without proper restrictions firmly established, employees can be just as much the source of breech as external parties breaking into the system. Thus, it is absolutely necessary to establish protocol, cybersecurity measures, and accountability measures to ensure company and client privacy and confidentiality are firmly upheld and very clear expectations and consequences are informed and trained continuously to avoid potential disaster. The challenge that can also lie with this type of strict policy enforcement is the complications that can arise from limited access points. If there is only one person allowed access to certain data-points, then if that person is absent or unavailable, it can delay the productivity of others in the organization. The trade space on this can lead to reduced productivity, crisis if the key personnel are gone or leave the organization. There would need to be extraneous protections in place to address such protocol challenges so that organizational functionality is not hindered or crippled under unexpected circumstances due to access policy restrictions.
Host protection is a bit more complex since it is programming for a system to automate protection. Host protection is a reliability feature rather than a security feature. It is functional only if the user has the proper account rights to that mutex (Technet, 2014). “The HostProtectionAttribute is not a security permission as much as a way to improve reliability, in that it identifies specific code constructs, either types or methods, that the host may disallow. The use of the HostProtectionAttribute enforces a programming model that helps protect the stability of the host (Technet, 2014). In other words, host protection is not added as a measure of internet or intranet security, but rather a way in which stability and reliability can be added to the infrastructure utilized by the organization’s servers.
With this in mind, the trade space with relation to controlled access to the mutex can create a similar situation as with the access policy. A procedure would need to be in place to assure that the continuation of access is available, yet controlled if the person with the code should no longer be available. The control mechanism must have a specific and worthwhile purpose for valid initiation. Ensuring that the costs to create the code, protect the code, and backup protocol are thoroughly addressed and properly managed, the overall value would likely be better than to choose alternative routes.
The overall constructive value must always outweigh the negatives in any of the above scenarios. The bottom line relies upon the understanding of the need, the consequences that will result if nothing is done and the consequences that would result from implementation. The essential steps in all of the previously mentioned scenarios is that clear, concise, and thoroughly addressed and informed policies must be made when enacting any of these protocols. They are in the best interest of the company and the employees if properly handled. Without proper training in these areas, trouble will arise and the staff or organization can find themselves in difficult legal proceedings, breach of confidentiality or even face jail terms (depending on the severity of the breach).
Security has many forms. Some of them are for the protection of confidentiality, some of them are for physical safety, and some of them are for the functionality of technology utilized. All of these require detailed strategies to address the company’s concerns and end goals. Without such protocols, the company renders itself incredibly vulnerable and client confidence lacking. This is poor business management and reflects poorly on the organization, its employees and the company head. All policies of such nature are to ensure the best outcomes for all involved in order for the company to perform at its highest ability and to offer its clients the best experience possible. Consumer confidence relies very heavily on trust. These policies make major steps to ensure that trust is not broken. Policy manual guides, websites, and seminars are recommended as the ideal solutions to have resources available at all times to staff as needed and to ensure staff truly understand what is expected of them, why it is important to them, and how it benefits them. These will ensure a secure workplace, reputation security and data security for the organization and the clientele it serves.
Lorette, K. (2013). How Do I Write a Policy Statement For a Business? Demand Media – Chron. Retrieved from http://smallbusiness.chron.com/write-policy-statement-business-3128.html
SpectorSoft (2013). Bringing Your Acceptable Use Policy Up to 2013 Standards. Retrieved from http://downloads.spectorsoft.com/.../WP_InternetAcceptableUsePolicy.pdf
Technet. (2014). Host Protection Attributes and CLR Integration Programming. Retrieved from http://technet.microsoft.com/en-us/library/ms403276.