♥...aiai_cud8be...♥

A 3000-word essay?!

I was awfully bothered reading this thread last two weeks. I did found it very hard to identify an information environment. To help myself, I read all the threads in this forum regarding this topic. I won’t deny that... I know majority of my mates did the same! In my observation, I would conclude that the answers found herein vary on how we understand the question. So I came to think that maybe I was right with my first chosen Information Environment.

To begin with . . .

I am one of those what they call “probinsiyana” and I am swollen with pride to say that. I believe that most of us, when we hear province, the instant idea of the scenario would be the same as what we always see in the televisions and movies. Many would assume that there are farm animals wandering and working around, rice or corn fields flourishing the area, houses surrounded by trees and are made of wood, roads not concrete, the means of transportation is hard and the technological development is poor.

Yes, the above pre-assumption is close to the truth. Some provinces may have these characteristics but please do not apply sweeping generalization! Along the way towards my hometown- Municipality of New Bataan, Compostela Valley Province (New Bataan is a 2nd class municipality in the province of Compostela Valley, Philippines. According to the 2000 census, it has a population of 42,549 people in 8,592 households.), you’ll notice prospering farms with expected farm animals. But, unlike what’s state above, not all houses are made of wood. In fact, huge concrete houses are observed and the roads are concrete and some are wide. Thus, the means of transportation is good. However, sadly, I would not contradict that there, the technological development is crawling.

I’ve found a statement in this thread that would relate to my answer: “We are in the age of information environment wherein changes are constant…”

Oh … that’s really factual. I won’t contradict that! The information age has made technology, particularly information and communications technology, indispensable. What has been the Information Technology (IT) and Telecommunications situation in my hometown?

It’s true that telecommunication infrastructure remains one of the major issues affecting technology deployment required for growth and development in New Bataan. There has however, been massive improvement in agriculture over the past few years. But how about technological advancement? Yes, as stated above, changes are constant… but how fast? or should I say how sluggish?

I would say that the agricultural market is large. Opportunities abound! But more needs to be done to encourage investment in Information and Communications Technology (ICT), especially in the knowledge and creative areas. This is the mere reason why I chose my hometown as the information environment to review.

It is a dark era characterized by slow Internet links, poor service, high cost, lack of infrastructure and an unprogressive telecoms monopoly. I hate to admit that my hometown is in this state.

Last month, I had gone home. Like any other Information Technology student, I am passionate of browsing the internet most of the time. So missing the internet, I went to some “cyber café” available in our area. Luckily, I found two! At least! But, I was sad to find out that there are only five units and only two units connected to the internet. Lucky, perhaps, to have two units. But in the fast changing, dominating and blooming technology, still, my hometown is positioned behind. (1) That’s my first concern, more “cyber café’s” in New Bataan.

To address this, I would encourage the owners of these cafés, which are friends of mine, to invest more in their business. Oh.. I know their financial capacity! I know they can afford more units. I know they can invest more! I think all they need is encouragement. Having them aware of the benefit it gives to the students, to the municipality, to other concerns and to their business would be a help. I found this nice text relevant to my topic: "if information is power, then the internet must be the easiest way of empowering those that have traditionally been left behind.” .

I had gone also to our Information Center. It is our Municipal library located besides our Municipal office. I am happy to know that the books there had increased in number. But, no matter how many books you’ll find, you can never find as many as the internet can offer. Sadly, there is no single e-learning you can find there. (2) That’s my second concern, an E-library.

I’d like our Information Center offer an E-library that aims to allow discovery, access and use of resources for research and learning irrespective of their location. By simply writing a proposal in the suggestion box (as far as I could remember, there is a suggestion box in our Municipal Information Center). I am not expecting that my suggestion to have this e-learning/e-library would be approved and be implemented right away. What am I after is to awaken our local government about this area that is left unnoticed. I want to theme to remember that the improvement in the telecom situation in the said municipality will create significant impact in all sectors - commerce, social and educational.

I, or should I say, we are looking forward that few years from now, "cyber café" (An internet café or cybercafé is a place where one can use a computer with Internet access, most for a fee, usually per hour or minute; sometimes one can have unmetered access with a pass for a day or month, etc. It may serve as a regular café as well, with food and drinks being served.)won’t be a strange word in our municipality. That someday, cyber cafés will exist in virtually every neighborhood especially in the rural centers; that although the cost of ICT is still relatively high for most individuals and rural areas, the cyber cafe will significantly improved accessibility to the Internet in them.

I got to think that depending on how dire your situation is, you may not have the luxury of being entirely ready when you launch your new offering. For that reason, the safest approach is not to pull out all the stops immediately. The facts are there for all to see. There has been substantial improvement in access to telecom facilities and unprecedented growth in the telecoms network. So has night turned to day? Not quite. In view of New Bataan’s size and requirements telecommunications infrastructure is still grossly inadequate. But does size determine quality? It should be more about growth and qualitative infrastructure than just having a big or the fastest growing market. Furthermore, with the opening up of the telecoms space further dramatic growth is expected as service and reliability demands increase. However, in-depth penetration and qualitative infrastructure growth is critical.

study

Cost
Access is not just about availability. Cost affects usage. High cost is still a barrier. While prices have definitely come down the cost of access is still too high to have a transformatory impact. There are presently price competition battles going on involving providers, which are steps in this direction. The provision of Internet is also helping. But more needs to be done about bringing down call tariffs and rates not just communications acquisition cost. The aim should be low cost Internet and phone service.

Technologies are commendable and should be encouraged. However, because most of the computer hardware in use in the said municipality must be imported, high computer prices are barrier to access. E-business, Telecommunication Infrastructure is incomplete without affordable computing facilities. Although just like the phone and Internet costs, computer prices have been falling, more people, not just businesses, need to have access to reasonably priced computers for education, recreation, business and other creative activities.

study

Poor electricity supply

Epileptic power supply increases the cost of access. Supply of electricity needs to be optimal to enable businesses and banks to provide seamless online services through local areas networks, wide area networks and the Internet. Inefficiency is the word to describe a situation where everybody has to depend on power generators, as the primary, reliable power supply. This constitutes a barrier to growth and sustainable development. The growth of real e-business cannot take place or be of any significance in an environment with unreliable public power supply.

study

Quality of service

While availability has grown, this has not been matched by quality of service. It is not enough to have cheap lines and low cost bandwidth. Efficiency and accessibility of telecoms service should be paramount. Most operators have a lot of work to do in Quos especially in the areas of congestion and support.

study

ICT Incentives

As what I have stated above, the market is large – the biggest in Africa! Opportunities abound! But more needs to be done to encourage investment in ICT, especially in the knowledge and creative areas. There is a need for a combination of incentives: reduction of import duties on ICT equipment, tax incentives for ICT companies, tax incentives for investment in ICT research, development and training efforts, local manufacture of telecommunications equipment and infrastructure. Again the essence of these incentives is to encourage growth and reduce access cost. If most ICT providers are faced with the problem of multiplicity of taxes, as is the case now, is this in sync with the growth that is needed? (ICT: Information and communication technologies (ICT) is an umbrella term that covers all technical means for processing and communicating information. The term has gained popularity partially due to the convergence of information technology (IT) and telecom technology. ICT defines a broad range of technologies, including methods for communication (communication protocols, transmission techniques, communications equipment, media (communication)), as well as techniques for storing and processing information (computing, data storage, etc.);There are claims that the expression "information and communication technology" should not refer only to contemporary or automated technological artifacts; paper-based writing, being itself a technology ontologically, can be included as pre-digital means of generating information (or communication). The term ICT has been incorrectly associated only with digital technologies - analogue and even mechanical systems can be considered as ICT, although the use of the expression in that context is rare and limited. Another shortcoming, particularly in education, is that the term ‘ICT’ is used synonymously with the term computer technology, and is not usually applied with the rest of the technologies that are used in our daily lives - cell phones, cameras, satellite receivers, media players, game consoles, etc.)

study

Building expertise

More efforts should be invested in encouraging the development of IT and Telecoms expertise in New Bataan. "The biggest market", "the fastest growing teledensity" or just "the biggest consumers"? Consumption alone cannot engender growth. There is a need to develop human capacity in areas such as: technical, management, research and development, security, strategic and operational. For example, while there has been a cyber café boom, management has been a major source of concern for cyber café businesses. Also with the many IT and Telecoms projects that are taking off, project management skills will be required to get benefit.

Human development in ICT can be encouraged through increased awareness of opportunities and capabilities in ICT. The environment should encourage ICT education and provide incentives especially for those investing in research, development, training, software and other creative efforts. Acquiring infrastructure is great but it is serious investment in education that will bridge the digital divide and enhance the quality of infrastructure, the quality of access, the quality of usage, the quality of growth.

Initiatives from profit-driven members of the private sector should be encouraged, but such schemes are on their own not enough to make Nigeria an ICT-capable country or a key player in the global ICT revolution.
An emphasis on infrastructure would widen access to ICT facilities. Nigeria can't afford the luxury of ignoring the multiplier effects of access to ICT. New BAtaan has not done well so far in improving infrastructure capacity in "record time", it's time to start focusing on it.

At the end of the day, infrastructure is not just about access, it's about what you do with access.

Reference:
http://en.wikipedia.org/wiki/Information_and_communication_technologies
http://en.wikipedia.org/wiki/New_Bataan,_Compostela_Valley

As a student, you were invited by the Dean of the Institute of Computing to attend a seminar-workshop on information systems planning with some of the faculty members. In one of the sessions, a discussion of outsourcing came up. You have been asked to present your evaluation about outsourcing the information systems functions of the school.

Required: You are to take a position- outsource or in-source and justify your position. (3000words)

================================================

Review on terms:

Idea

Information Systems Planning is an important topic for managers and researchers alike. Advances in information provision have led organizations to attempt to develop IS/IT strategies which interrelate with their business strategies and which together support corporate missions. Strategic information systems planning (SISP) has become an accepted part of the overall corporate strategic planning process. The proliferation of methods and the variations in satisfaction indicate a need to provide a framework for classifying and comparing SISP approaches which will provide guidance on use and to explain why certain approaches are more commonly used than others. Develops a classification framework based on complexity and describes tools for using the framework and provides indication as to the nature of a complete classification and comparison method for SISP based on complexity, scope and fit.

Idea

Insourcing is a business practice in which work that would otherwise have been contracted out is performed in house. Insourcing often involves bringing in specialists to fill temporary needs or training existing personnel to perform tasks that would otherwise have been outsourced. An example is the use of in-house engineers to write technical manuals for equipment they have designed, rather than sending the work to an outside technical writing firm. In this example, the engineers might have to take technical writing courses at a local college, university, or trade school before being able to complete the task successfully. Other challenges of insourcing include the possible purchase of additional hardware and/or software that is scalable and energy-efficient enough to deliver an adequate return on investment (ROI).
Insourcing can be viewed as outsourcing as seen from the opposite side. For example, a company based in Japan might open a plant in the United States for the purpose of employing American workers to manufacture Japanese products. From the Japanese perspective this is outsourcing, but from the American perspective it is insourcing. Nissan, a Japanese automobile manufacturer, has in fact done this.

Idea

Outsourcing is an arrangement in which one company provides services for another company that could also be or usually have been provided in-house. Outsourcing is a trend that is becoming more common in information technology and other industries for services that have usually been regarded as intrinsic to managing a business. In some cases, the entire information management of a company is outsourced, including planning and business analysis as well as the installation, management, and servicing of the network and workstations. Outsourcing can range from the large contract in which a company like IBM manages IT services for a company like Xerox to the practice of hiring contractors and temporary office workers on an individual basis.

Outsourcing/Insourcing Assessment:

Outsourcing
Outsourcing began in the early eighties when organizations started delegating their non-core functions to an external organization that was specialized in providing a particular service, function or product. In outsourcing, the external organization would take on the management of the outsourced function.
Most organizations choose outsourcing because outsourcing offers a lot of advantages. When organizations outsource to countries like India, they benefit from lower costs and high-quality services. Moreover organizations can concentrate more on core functions once they outsource their non-core functions. Outsourcing can also help organizations make better use of their resources, time and infrastructure.
In outsourcing, the outsourcer and the outsourcing partner have a greater relationship when compared to the relationship between a buyer and a seller. In outsourcing, the outsourcer trusts the outsourcing partner with vital information. Outsourcing is no longer confined to the outsourcing of IT services. Outsourcers in the US and UK now outsource financial services, engineering services, creative services, data entry services and much more.
Most organizations are opting to outsource because outsourcing enables organizations to access intellectual capital, focus on core competencies, shorten the delivery cycle time and reduce costs significantly. Organizations feel outsourcing is an effective business strategy to help improve their business.

The Advantages of Outsourcing

• Outsourcing your non-core activities will give you more time to concentrate on your core business processes
• Offshoring can give you access to professional, expert and high-quality services
• With outsourcing your organization can experience increased efficiency and productivity in non-core business processes
• Outsourcing can help you streamline your business operations
• Offshore outsourcing can help you save on time, effort, manpower, operating costs and training costs amongst others
• Outsourcing can make your organization more flexible to change
• You can experience an increased control of your business with outsourcing
• Your organization can save on investing in the latest technology, software and infrastructure as your outsourcing partner would be investing in these
• Outsourcing can give you assurance that your business processes are being carried out efficiently, proficiently and within a fast turnaround time
• Offshoring can help your organization save on capital expenditures
• By outsourcing, your company can save on management problems as your offshore partner will be managing the team who does your work
• By outsourcing, you can cater to the new and challenging demands of your customers
• Outsourcing can help your organization to free up its cash flow
• Sharing your business risks is possible with outsourcing
• Outsourcing can give your business a competitive advantage as you will be able to increase productivity in all the areas of your business
• Outsourcing can help your organization to cut is operational costs to more than half
If you want your organization to stay ahead of competition, concentrate on core competencies and make use of the latest technologies, then outsourcing can help your organization achieve all this and more. In outsourcing, the advantages of outsourcing are more than the disadvantages of outsourcing. The pros of outsourcing have driven more organization to step into offshoring and experience the benefits that it has to offer.

The Disadvantages of Outsourcing

• At times, it is more cost-effective to conduct a particular business process, rather than outsourcing it
• While outsourcing services such as payroll processing services and tax preparation services, your outsourcing provider will be able to see your company’s confidential information and hence there is a threat to security and confidentiality in outsourcing
• When you begin to outsource your business processes, you might find it difficult to manage the offshore provider when compared to managing processes within your organization
• Offshoring can create potential redundancies for your organization
• In case, your offshore service provider becomes bankrupt or goes out of business, your organization will have to immediately move your business processes in-house or find another outsourcing provider
• The employees in your organization might not like the idea of you outsourcing your processes and they might express lack of interest or lack of quality at work
• Your outsourcing provider might not be only providing services for your organization. Since your provider might be catering to the needs of several companies, there might be not be complete devotion to you and your company
• By outsourcing, you might forget to cater to the needs of your valuable customers as your focus will be on the business process that is outsourced
• In outsourcing, you may lose your control over the process that is outsourced
• Outsourcing, though cost-effective, might have hidden costs, such as the legal costs incurred while signing a contract between companies. You might also have to spend a lot of time and effort in getting the contract signed
• With outsourcing, your organization might suffer from a lack of customer focus
• There can be several disadvantages in outsourcing, such as, renewing contracts, misunderstanding of the contract, lack of communication, poor quality and delayed services amongst others.
The disadvantages of offshoring give organizations an opportunity to think about what they are stepping into. However the disadvantages of outsourcing are less than the advantages of offshore outsourcing. When outsourcing, you might not experience any of these disadvantages of offshoring, if you find a reliable outsourcing partner. Before outsourcing take the interests of your customers and employees into consideration and then make an informed decision. If your organization is genuinely interested in outsourcing, let not the disadvantages of outsourcing stop you.

Insourcing

The opposite of outsourcing can be defined as insourcing. When an organization delegates its work to another entity, which is internal yet not a part of the organization, it is termed as insourcing. The internal entity will usually have a specialized team who will be proficient in the providing the required services. Organizations sometimes opt for insourcing because it enables them to maintain a better control of what they outsource. Insourcing has also come to be defined as transferring work from one organization to another organization which is located within the same country. Insourcing can also mean an organization building a new business centre or facility which would specialize in a particular service or product.
Organizations involved in production usually opt for insourcing in order to cut down the cost of labor and taxes amongst others. The trend towards insourcing has increased since the year 2006. Organizations who have been dissatisfied with outsourcing have moved towards insourcing. Some organizations feel that they can have better customer support and better control over the work outsourced by insourcing their work rather than outsourcing it.
• With the insourcing team managing the overall and technical project issues, the project life cycle is different:
• Requirements are defined with use cases again.
• We use QuickWebWorkshops to build small, proof of concept prototypes that teach the in house staff how to do development and validate the user requirements clearly.
• The custom application engineering for the company's project beats generic best practices solutions by lowering total development hours dramatically in many situations.
• In design, we use all the company's existing software that can be reused along with IBM tools for iSeries such as JTOpen and WDSC and a wide variety of open-source and other third-party tools.
• Instead of a few big code drops during the project, we have smaller, iterative drops for user testing and feedback with the in house staff providing tighter control to the project.
• During the development stages, the in house staff is actively involved both in design, lending their application knowledge to our designers, and developing significant portions of the application.
• With tighter communication, the company is involved in most of the engineering and design detail decisions even where we are building the frameworks.
• Throughout the project, the in house staff that will inherit the application is involved in documenting and testing it using automated tools wherever possible.
• Leveraging the broad market of open-source tools lowers the total project hours a lot and provides no-charge, flexible licensing for software components.
• If we have large amounts of application coding that can't be done by in house staff we have the option of doing that with hourly offshore resources under the control of the insourcing team to keep costs low.

We all know that a significant portion of business processes and activities in most organizations depends completely on information systems, and could not function without them. But a question always take place is that what Information system to use, Insource or Outsource Information System.

In our situation, I would suggest that our school will Insource its Information System. Aside from the reviews on Insource Informastion system above, my concern is on our faculty. We have competitive faculty which I am sure will amke our system in its best. It will help both sides: extra income to the faculty and insurance to the security, affordability, fuction satisfaction of USEP's IS.

Reference:
http://www.theoutsourcerzone.com/why.htm
http://www.theoutsourcerzone.com/it.htm
http://www.theoutsourcerzone.com/application.htm
http://www.theoutsourcerzone.com/hr.htm
http://whatis.techtarget.com/definition/0,,sid9_gci1185946,00.html
http://www.outsource2india.com/why_outsource/articles/advantages-disadvantages-outsourcing.asp
http://search400.techtarget.com/tip/0,289483,sid3_gci996709,00.html

On the assumption that you heard/read the SONA of the President last month, (July 2000), identify at least 3 areas related to ICT and identify how these areas can improve our quality of life.

I have here what I consider areas that are related to ICT during the President’s SONA last July 2009.

Quote 1: The Telecommunications Sector

“Sa telecommunications naman, inatasan ko ang Telecommunications Commission na kumilos na tungkol sa mga sumbong na dropped calls at mga nawawalang load sa cellphone. We need to amend the Commonwealth-era Public Service Law. And we need to do it now.”

study

I suppose majority of Filipino people are interested about this. Because visibly, Filipinos are avid mobile phone user I would say. Thus, making the telecommunication agencies benefit the most. Furthermore, issues like drop calls, stolen loads (as people term it) and complaints are dominant. So I was glad that the administration has finally addressed this problem by commanding the Telecommunications Commission to decipher this problem and make solutions. Thank you that recently, Telecommunication Commission found an alternative solution- the extension of load expiration. Not mentioned above, but this is one of the hassles that we, users, complain about. This is a great help especially to those who use their load for emergencies only (less worry about losing the load for nothing and benefiting from it).

PS: I do not believe that this will cause a great lose to the telecommunications industry. Business is business… I know they will still generate profit from it. ^_^

Quote 2: The BPO

“In the past if the electronics sector grew, today we’re creating wealth by developing the BPO and tourism sectors as additional engines of growth. Electronics and other manufactured exports rise and fall with the state of the world economy but BPO remains resilient. With earnings of $6 billion and employment of 600,000, the BPO phenomenon speaks eloquently of our competitiveness and productivity… Let us have a Department of ICT.”- President Gloria Macapagal-Arroyo.

study

We were aware that Business Process Outsourcing (BPO) nowadays bloomed to the extent that even crisis did not impede it. President Arroyo’s decision to have an ICT Department is a great help to the Philippine Economy. This does give opportunity to many Filipinos. I have read that the recent growth in the outsourcing industry in the Philippines has been fueled not by traditional low-value-added call centers but more higher-end outsourcing such as legal services, web design, medical transcription, software development, animation, and shared services. President Arroyo’s decision to have this Department of ICT is a great step towards the development and promotion of BPO- Philippines. If properly implemented, managed and developed, this will be an economic wealth growth that Filipinos will benefit the most.

Below is an excerpt from a site that states why many clients outsource in the Philippines.

“The Philippines has now stepped out of India’s shadow to become a competitive KPO (Knowledge Process Outsourcing) and BPO (Business Process Outsourcing) destination. The latest growth spurt in the Philippines’ outsourcing industry doesn’t just come from a mushrooming number of call centers but also from higher-end services such as web development, software development, legal services, medical transcription, animation and other services. When you choose to outsource I.T. to the Philippines, you reduce and control your operating costs, gain access to world-class capabilities and maximize your productivity.” [www.outsourceit2philippines.html]

Quote 3: The 2010 Automated Election

“As the seeds of fundamental political reform are planted, let us address the highest exercise of democracy, voting! In 2001, I said we would finance fully automated elections. We got it, thanks to Congress.”

study

I was quietly interested way back those days that the automated election was just hearsay. In a one-dimensional thinking, I would say, because I am an IT student, that I would enjoy and benefit this type of election. Maybe I could volunteer myself as watcher or so whatever. But that was before.

study

I have read articles and forums about the coming 2010 elections. And I found lots of sentiments that I was not able to realize ahead of: fraud that may happen, illiterate ones may refrain from voting, some teachers are worrying about the extra income they may not have in an automated election, the expected huge power consumption during the Election event, etc. I hope these concerns are analyzed and considered by the administration.

study

But the decision is final! We will be having our 2010 automated election. Optimistically, this would create a big step towards technological advancement. By means of a system that uses appropriate technology for voting and electronic devices to count votes and canvass/consolidate with a potentially greater accuracy is what we’re expecting and hoping. The important is that we will be able to exercise our democracy, voting, in an election with less fraud.

References:
http://ikuwaderno.com/transcript-of-arroyos-sona-july-27-2009.html
http://en.wikipedia.org/wiki/Commission_on_Information_and_Communications_Technology_(Philippines)

If you were hired by the university president as an IT consultant, what would you suggest (technology, infrastructure, innovations, steps, processes, etc) in order for the internet connectivity be improved? (3000words)

***********************************

IT consultant work review:

Today IT consulting has become a major opportunity for many IT professionals who want to work for themselves. It is no longer only the domain of the high-flying international organization. In fact, tens of thousands of IT professionals are leaving their regular jobs to set up as IT consultants on their own. Although there are many consulting opportunities available, it is quite a challenge to make a success of your own IT consulting business.

My stand:
If ever I were hired by the university president as an IT consultant, I would recommend the establishment and maintenance of security requirements necessary to protect university information, computing and network resources, and minimize susceptibility to attacks on USEP resources against other sites.

My first suggestion would be the request for a university’s local Department of Information and Network Technology (DINTech) or whatever name the university prefer. It would be an entity that is responsible for the planning, coordinating, implementing, regulating, and administrating the information and network technology. It will promote, develop, and regulate integrated and strategic information and communication technology systems and reliable and cost-efficient communication facilities and services. During this entire article, we will be able to realize the importance of this department I would say. This department must have its own office for security and integrity purposes.

Secondly, I would like to strengthen the security requirements. Security shall be in place for the protection of the privacy of information, protection against unauthorized modification of information, protection of systems against the denial of service, and protection of systems against unauthorized access. Users are reminded that all usage of USEP's information technology resources is subject to all University policies.

I would suggest that university information, computing, and network resources may be accessed or used only by individuals authorized by the university. The university encourages the use of computing and network resources and respects the privacy of users. Nonetheless, the university may access information stored on the University's network of computers for the purposes listed below. I got these lists from an article so as an IT consultant (in this case), I point out the type of users who can do such privileges.

a. Troubleshooting hardware and software problems- This must be limited to network administrator and computer technicians.
b. Preventing unauthorized access and system misuse- There are some cases in our school that students encounter a problem with the computer they are using. And so, to solve the problem, they modify the properties of the hardware and software in our virtual libraries by themselves that causes another worse problem.
c. Retrieving University business related information- This must be limited to the officer-in-charge of the business.
d. Investigating reports of violation of university policy- There must be a special force that must look (in-charge) this area. This may include the illegal distribution of software from the resource of the university. This also includes the unauthorized charging of notebooks (laptops) and any electronic devices in the university outlet, and etc.
e. Complying with legal requests for information
f. Rerouting or disposing of undeliverable mail- This must be the look-out of the network administrator. This is an important issue that the net-admin must consider.

g. Addressing safety or security issues

To the greatest extent possible in a public setting individuals' privacy should be preserved. However, privacy or confidentiality of documents and messages stored on University-owned equipment cannot be guaranteed. Users of electronic mail systems should be aware that, in addition to being subject to authorized access, electronic mail in its present form cannot be secured and is, therefore, vulnerable to unauthorized access and modification by third parties.

Systems that are found to pose a threat to the integrity of the information, computing and network resources may have their access to these resources be suspended. The suspension of services will continue until the problem has been remedied and the system validated by Department of Information and Network Technology (this is the department that I want our university to have..at least) for operation within the USEP information, computing and network resources environment. The University reserves the right to invoke emergency suspension of services without prior notification if the situation poses a serious threat to the information technology environment.

Persons in violation of this policy are subject to the full range of sanctions, including the loss of computer or network access privileges with or without notification, disciplinary action, dismissal from the University, and legal action. Some violations may constitute criminal offenses, as outlined in USEP statutes and other local, state, and federal laws; the University will carry out its responsibility to report such violations to the appropriate authorities.

I would suggest that the university must recheck its system and analyze its weakness and strength. The university must check if it meets the minimum requirement that a good internet and information system must possess. To guide the university doing this, I have here below an excerpt from an article in the internet that would help.

Initial Network Hook-up:
Each system must be capable of passing a test for vulnerabilities to hacker attacks and relaying of unsolicited email prior to being attached to USEP’s information, computing and network resources. System testing will be the responsibility of the Departmental/Unit or University Security Officer. [ in our case it would be the Department of Information and Network Technology]

Password Specification:
Password Policy: All passwords on any system, whether owned by USEP or by an individual, directly connected to University network must adhere to the following standards when technically possible. This includes devices connected to the campus network with a direct wired connection, wireless, dial-in modem, remote access software (e.g., Windows Remote Desktop), use of a Virtual Private Network (VPN), and the like. This policy applies to all passwords - eID, system, user, database, application, etc. Any system that does not comply may have its network access blocked without prior notification

Password Standards:
a. Passwords must have a minimum of 7 characters.
b. Passwords must contain characters from 3 of the 4 following categories:
i. Uppercase letters
ii. Lowercase letters
iii. Numbers
iv. Special Characters (for example: !,@,#,$,%,^,&,*, etc. But be aware if traveling outside the U.S. that some symbols, like the U.S. dollar sign, may not be available on international keyboards)
c. Passwords cannot be the same as the USEP eID and not easily guessed (for example: no variants of the USEP eID, dictionary words, family names, pet names, birthdates, etc.).
d. Passwords must be changed at least twice a year (eID password changes are during a designated time at the beginning of the fall and spring semesters).
e. Passwords must be changed significantly and cannot repeat more frequently than every two years.
f. Passwords that are written down or stored electronically must not be accessible to anyone other than the owner and/or issuing authority.
g. The same password used to access Kansas State University Systems (for example, your eID password) must not be used for accounts or other forms of access to non-USEP systems or applications such as online shopping, banking, etc.
h. Passwords must not be shared unless explicitly permitted by the issuing authority. eID passwords must not be shared under any circumstances.
i. Anyone who believes their password has been compromised must immediately notify their departmental or college IT support, or the IT Help Desk to evaluate possible risks.
j. Default passwords in vendor-supplied hardware or software must be changed during initial installation or setup.
k. The eID password must never be transmitted over the network in clear text (i.e., it must always be encrypted in transit). It is also strongly recommended that other types of passwords be encrypted in transit.

Unattended Computers
To protect against unauthorized access to data on computers left unattended, the following precautions are required:
a. Enable password protection on the screen saver for all university computers with the exception of special-purpose computers designed for public access, such as information or registration kiosks, public computers in the library, or computer labs where locking is undesirable due to the risk of a user monopolizing a shared computer. The length of time before the password-protected screen saver comes on should be set to 20 minutes or less. For lab situations, it is recommended that computers be set to automatically logout after at the most 30 minutes of idle time.
b. Never leave your computer unattended and unprotected. Before leaving your computer, lock the display or log out in a manner that requires a password to gain access.
Protection from Malicious Software and Intrusions:
Malicious software, or "malware", comes in many forms - viruses, worms, Trojan horses, denial of service attacks, botnets, spyware, adware, spam relays, etc. All pose a security risk, some of which are a very serious threat to the confidentiality, integrity, or availability of USEP's information and technology resources. Appropriate precautions must be taken to protect USEP systems and information from compromise by malware. To that end, USEP may require the installation of essential security software on computers connected to the USEP campus network or accessing USEP information and technology resources. The following sections define specific requirements for antivirus, spyware/adware, personal firewalls, and e-mail. Assuring the validity of malware protection software is the responsibility of each user, the department/unit security representative, and the USEP Security Officer.

Virus Protection
a. The following computers must use the university-supplied antivirus software configured in a managed mode ("managed mode" allows a server to monitor and configure the antivirus protection on the client computer and push updates to the client on demand):
i. Any university-owned computer
ii. Student-owned computers in USEP residence halls
iii. Users of USEP's wireless or wired network if it is a university-owned computer or one that belongs to a current USEP faculty, staff, or student.
b. All other computers accessing the USEP campus network or information technology resources must be running active, up-to-date virus protection software. Current USEP faculty, staff, and students may run the university-supplied antivirus software on their home computers at no cost to meet this requirement.
c. Antivirus software must be activated when the computer boots up and remain active at all times during its operation.
d. Real-time file scanning must be enabled where files are scanned for malicious anomalies before they are written to the hard drive.
e. The version of the antivirus software (i.e., the antivirus program or engine) must be no more than one version behind the current version offered by the vendor or the version endorsed by USEP, and must be supported by the vendor.
f. f. Virus definition files (i.e., the database in the antivirus software that identifies known malware) must be up-to-date with the most current version available from the vendor.
g. Checking for and installing updates to virus definition files and antivirus software must be automated and performed at least daily.
h. Comprehensive virus scans of all local hard drives must be performed at least weekly.
Spyware/Adware Protection
a. All computers connected to the campus network must run active spyware/adware protection software.
b. Spyware/adware definition/detection rules must be up-to-date with the most current version available from the vendor.
c. Scans of all local hard drives for spyware/adware must be performed at least weekly.
Personal Firewall Protection
a. All computers using the university-supplied security software (which includes virus, spyware, intrusion, and firewall protection) must have the firewall enabled.
b. Any other computer connected to the campus network must run a personal firewall. Microsoft Windows Firewall is an acceptable personal firewall.
E-mail Protection
a. All campus e-mail servers must provide antivirus protection that detects and mitigates infected e-mail messages.
b. Infected messages must be discarded or quarantined, not returned to the sender.

Security Patches
All systems connected to the campus network and the applications and databases running on those systems must have the latest security patches available from the respective vendors applied. Any system or application with known vulnerabilities for which a patch is not available must take appropriate measures to mitigate the risk, such as placing the system behind a firewall. Kansas State University may block access to the network for systems that have not been patched.

College/Departmental Systems
Colleges, departments, or other USEP units may institute their own distributed computing system, as these provide valuable specialized services to users. These servers, in order to protect the University resources to which they are connected, must be kept no more than one version behind the current vendor-supported version of the operating system and application software and comply with all security requirements and standards set forth in this policy.
Campus units with qualified IT support staff may run their own security management environment with the university-supplied security software that provides virus, spyware, intrusion, and firewall protection. The unit security management system must be configured to provide reports to the central security management system to facilitate comprehensive campus-wide reporting. In the absence of qualified IT support staff, units must use the central security management services for malware protection.
Assurance of server protection is the responsibility of the Department of Information and Network Technology.

Enforcement
Enforcement of these policies and associated standards is the responsibility of the Department of Information and Network Technology or designee. Any system that does not comply with security policies and standards, is susceptible to a known vulnerability, or is compromised may have its network access blocked immediately and without prior notification to protect the integrity of other systems and data.

Any device directly connected to the campus network (i.e., with a direct wired or wireless connection, dial-in modem, remote access software like Windows Remote Desktop, use of a Virtual Private Network (VPN), and the like) may be scanned and assessed by designated DINTech or security staff at any time to determine compliance with security policies and standards, or detect anomalous activities, vulnerabilities, and security compromises. Firewalls must be configured to permit this remote scanning function. Scanning may only be performed to the extent necessary to detect and assess the risk.

USEP must have a defined procedures for restoring network access after the vulnerable or compromised system has been repaired The Chief IT Security Officer will determine whether the repair will require the computer to be reformatted and the operating system and all software and data re-installed, depending on the nature of the compromise.

Security Personnel Responsibilities:
University IT Security Officer: The University employee who leads the IT security program to protect USEP's information, computing, and network resources. Responsibilities include assisting with university-wide IT security policies, controls and procedures; developing and maintaining security architecture, standards, and guidelines; monitoring compliance with IT security policies and standards; risk assessment; coordinating responses to security incidents; communication with organizations outside the University; chairing the Security Incident Response Team; and promoting training and awareness of the secure use of information, computing and network resources.
IT Security Analyst: Technical personnel in central information technology units assigned with responsibility for the secure operation of information, computing and network security at the enterprise level. Responsibilities include monitoring the state of information, computing and network security; detection and remediation of security incidents, implementation of preventative measures, configuration and management of security technology (for example, firewalls and intrusion detection systems), and communication of alerts and remedies to departmental/unit security representatives.

Security Incident Response Team (SIRT): A team with representatives from each academic college and major administrative unit that provides advisory, proactive, and reactive support for USEP's IT security program. Responsibilities include coordinating the campus-wide response to major security incidents; coordinating implementation of preventative measures in their colleges/units; communicating threats and best practices to their colleges/units; approving requests for restoring network access to vulnerable or compromised computers; participating in the development of IT security policies, standards, guidelines, and procedures; and assisting with IT security training and awareness efforts. SIRT duties should constitute no more than 30% of an individual's job responsibilities.

Departmental Security Representatives: The primary point of contact for departments for IT security matters. The departmental security representative serves as a liaison between SIRT and the department by assisting with communication, facilitating implementation of preventative measures in the department, and coordinating the response to security incidents involving technology or data within the department.

Deans and Department Heads: Responsibilities include authorizing access to computer systems in their units, ensuring that System Users understand and agree to comply with University and unit security policies, and ensuring that the technical and procedural means and resources are in place to assist in maintaining the security policies and procedures outlined above.

System Users: Responsibilities include agreeing to and complying with all applicable University and unit security policies and procedures; taking appropriate precautions to prevent unauthorized use of their accounts, software programs, and computers; protecting university data from unauthorized access, alteration, or destruction; representing themselves truthfully in all forms of electronic communication; and respecting the privacy of electronic communication.

Appropriate use of information technology resources includes instruction; independent study; authorized research; independent research; and official work of the offices, units, recognized student and campus organizations, and agencies of the University.

Authorized users are: (1) faculty, staff, and students of the University; (2) anyone connecting from a public information service; (3) others whose access furthers the mission of the University and whose usage does not interfere with other users' access to resources. In addition, a user must be specifically authorized to use a particular computing or network resource by the campus unit responsible for operating the resource.

It is my responsibility as a consultant to be aware of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to continuously verify the integrity and completeness of information that you compile or use. I am responsible for the security and integrity of University information stored on your individual computing desktop system.

Appropriate use of information technology resources includes instruction; independent study; authorized research; independent research; and official work of the offices, units, recognized student and campus organizations, and agencies of the University.

All of my proposals and suggestions above are sill useless if it will not be put into operation. But most of all, this must be considered : appropriate use of information technology resources includes instruction; independent study; authorized research; independent research; and official work of the offices, units, recognized student and campus organizations, and agencies of the University. Everybody, from the top to the lowest must be aware.

Reference:
http://www.elsevier.com/wps/find/bookdescription.cws_home/679850/description#description
http://www.wikipedia.com

_aiai_

♥...aiai_cud8be...♥

_mumu_

this is me..

mah dream..

I'm gonna be..

Journal 1:NEVER PLAN to FAIL

Journal

>>Insource or Outsource?

>>finally

the Lane Systems visit..>>

Sentiment to SONA>>

If ever..

be happy!

hi there!

ka-chikas>>

mah posts>>