Sensitive Information Policy

Includes HIPAA Audit Program Guide and a PCI Audit Program

This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 29 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799), and HIPAA. The PCI Audit Program that is included is an additional 50 plus pages in length.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

The HIPAA Audit Program Guide provides you with a checklist of the items that HIPAA mandates must be implemented.

Internet, e-Mail, Mobile Device, Electronic Communications, and Record Retention Policy

This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

  • Appropriate Use of Equipment
  • Mobile Devices
  • Internet Access
  • Electronic Mail
  • Retention of Email on Personal Systems
  • E-mail and Business Records Retention
  • Copyrighted Materials
  • Banned Activities
  • Ownership of Information
  • Security
  • Sarbanes-Oxley
  • Abuse

Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:

  • Internet & Electronic Communication Employee Acknowledgement
  • E-Mail - Employee Acknowledgement
  • Internet Use Approval Form
  • Internet Access Request Form
  • Security Access Application Form

 

Travel and Off-Site Meeting Policy

Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is four pages in length and covers:

  • Data and application security
  • Minimize attention
  • Shared public resources
  • Off-site meeting special considerations

 

 

Outsourcing Policy

Outsourcing Policy - This policy is eighteen pages in length and defines everything that is needed for a function to be outsourced. The policy comes as a Microsoft Word document that can be modified as needed. The template has been updated to include a HIPAA audit program definition and covers:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities

 


 

Note: Look at the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive process for outsourcing.

Current Information Technology News



Managing Productivity and Costs in a Turbulent Economy

There have been unprecedented events in the global markets that will have a profound impact on enterprises of all types. Enterprises need to take proactive measures to mitigate the risk of coming under severe financial pressure themselves.

Is traditional "cost cutting" really the answer? Cost reduction is a promising solution to sustain profitability for nearly all organizations. However, the key to success is finding creative ways to prevent costs.

Metrics are the way we see it.  Metrics based solutions allow enterprises to improve their understanding of the key drivers of profitability and enable them to develop a cost redistribution program that will ensure long-term financial viability. It is critical to identify the areas where cost can be eliminated or reduced and to create and implement a formal cost review process.

Enterprises of all types are feeling the pressure as customers' disposable income decreases while trying to keep up with higher costs of living. Over the last several years, cost management strategies have become the focus of executive management due to global economic challenges.

These external drivers of cost management include:

  • Marketplace Competition - competitors providing similar products at lower prices
  • Recession Fears - less cash flow in the marketplace
  • Rising Production Costs - increasing cost of energy and material
  • Inflation - declining value of currency and/or rising prices of goods and services
    Increased
  • Investors and Boards of Directors Pressures - missed revenue targets, mergers and acquisitions


ITSM Metrics

IT Service Management Metrics are defined in the ITSM Template.


IT Service Management is possible only with client and IT agreement that service is being delivered.  The ITSM SOA Template is the perfect solution.



Setting Priorities With Tight Budgets

Meet with each user group's executives and ask them if they could get only one project done, what it would be. The rule for the discussion: They describe their projects in terms of business change, not in terms of software requirements ("We need to improve productivity in the warehouse by picking items more efficiently," not "We need an inventory picking system enhancement.")

Next, call a meeting with your business analysts. Walk them through the full list, then parcel out the requests based on each analyst's expertise and ability to get along with the various execs. In this discussion, let them know you're looking for quick solutions that are good enough, not elegant solutions that will withstand the test of time. Their job is to figure out how to get each exec most of the improvement they're looking for and quickly, not all of the improvements they'd like done the "right way."

This means that if a twice-a-day batch extract into an Excel file works, there is no need to create a real-time SOA-driven interface. It means that a once-a-night dump-and-load into Excel might be a better answer than enhancing the data warehouse and its business intelligence interface.

It might mean nothing more than teaching their staff how to assign tasks to each other using plain-vanilla existing software, instead of deploying a full-blown, enterprise-scale integrated project management solution.



CIO Need to Hire and Develop IT Staff

Successful CIOs are utilizing sophisticated, aggressive hiring tactics to acquire the most desirable personnel wherever they may be, while at the same time putting extensive emphasis on retaining and developing internal talent.

This is not easy given the current economic situation.  Developing an adequate in-house talent pool demands more than a simple training program for employees' development. Establishing a strong, predictable internal talent pipeline requires:

  • Clarity of role and expected performance
  • Management of employees at every level
  • Guided training, education, and career planning
  • Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience


IT Metrics Key to Success in Troubled Times

You cannot manage what you do not measure. In addition, once you measure you modify behavior. Yet many organizations do a very poor job (or no job at all) of measuring the business value of their IT investments, even though maximizing the business value of IT investments is the primary objective of good IT governance. A number of formal measurement methodologies exist for measuring the business value of IT. Simple ROI or other financial metrics are not good enough. By employing a consistent, repeatable, credible methodology that both the business users and IT are held accountable for, and that measures projected business value as well as the actual value delivered, organizations can significantly improve their IT investment returns.

Many IT organizations are under increasing pressure from the board of directors, executive management, and business unit managers to demonstrate and improve the business value of their IT investments. However, IT organizations still struggle to measure business value. Many of the attempts to do so have been focused on ROI measures at the front end as part of developing a business case for the IT portfolio’s proposed investments - but these are only estimates of expected business value. Actual delivered business value can only be measured by taking a life-cycle approach, working with the business to measure actual benefits after the project is complete.

Firms that strive for best practice in IT portfolio management need to apply a credible standard methodology across the enterprise to measure the business value of investments, both when proposed and when delivered. The good news is that a number of IT value methodologies have emerged that can be employed in the portfolio management process. The key is to adopt one and begin using it.



IT Strategy is Based on a Grounded Infrastructure

If companies are going to grow into entities that are truly greater than the sum of their parts, they need to respond faster and smarter to market challenges with better decision-making capabilities. One vital concern, which is often overlooked in discussions of information visibility, is the need for stringent alignment of departmental objectives with corporate strategy.

Business activity alignment is the ability to take your theories and put them into practice - in essence, taking the strategic plan and translating it into tactical steps. This results in more clearly defined executive roles, as well as an enhanced ability to leverage technology towards growth.

Additional business benefits include achieving a balance of cost and investment towards organizational goals; a balance between internal limits and external growth; enhanced collaboration for better decisions and departmental alignment; and a 360-degree view of customers for better customer experiences as well as marketing and sales efforts.

To ensure alignment, management should focus on the development of a common set of metrics within the organization, which naturally requires a common set of definitions. Typically, different parts of the organization develop metrics specific to themselves and their purposes - resulting in a lack of consistency in reporting and an inability to aggregate information to senior management. According to a 2007 report, 57 percent of companies do not have a common set of metrics to work with.

The challenges become apparent when management tries to aggregate departmental information to make enterprise decisions. A lack of consistent definitions and metrics makes it particularly difficult for management to determine which way alignment needs to tilt, if at all. One caveat: small and midsize companies must strike a balance between letting groups identify and define the best metrics for themselves versus defining metrics in the best interests of the organization as a whole.

The result of strict alignment of activities with corporate strategy is that individual departments are no longer paying lip service to the business plan; instead, it serves as a coherent action plan, with all cogs working toward the same objective instead of grinding the machine to a halt.



Security Audit Starting Points

When conducting a security audit there are some common areas that should be reviewed.  Included are:

  • Computer and network passwords. Is there a log of all people with passwords (and what type)? How secure is this ACL list, and how strong are the passwords currently in use?
  • Emails. Are spam filters in place? Do employees need to be educated on how to spot potential spam and phishing emails? Is there a company policy that outgoing emails to clients not have certain types of hyperlinks in them?
  • Physical assets. Can computers or laptops be picked up and removed from the premises by visitors or even employees?
  • Records of physical assets. Do they exist? Are they backed up?
  • Data backups. What backups of virtual assets exist, how are they backed up, where are the backups kept, and who conducts the backups?
  • Logging of data access. Each time someone accesses some data, is this logged, along with who, what, when, where, etc.?
  • Access to sensitive customer data, e.g., credit card info. Who has access? How can access be controlled? Can this information be accessed from outside the company premises?
  • Access to client lists. Does the website allow backdoor access into the client database? Can it be hacked?
  • Long-distance calling. Are long-distance calls restricted, or is it a free-for-all? Should it be restricted?


Government Computers Hit by Virus Attack

WASHINGTON (AP) - Law enforcement computers were struck by a mystery computer virus, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.

The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem.

"We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," said FBI spokesman Mike Kortan. He did not elaborate or identify the other agencies.

Marshals spokeswoman Nikki Credic said the agency's computer problem began Thursday morning. The FBI began experiencing similar problems earlier.

"At no time was data compromised," said Credic. The type of virus and its origin were not determined.

In addition to their external networks, most federal law enforcement agencies have an internal-only network to keep cyber-snoopers away from sensitive data.

In this incident, the Marshals Service shut down its Internet access and some e-mail while staff worked on the problem.



Productivity Improvements Will Drive IT's Future Growth

Microsoft CEO Steve Ballmer told developers in India that growth will come from higher productivity and innovation when the economy begins to recover. It is not clear when that recovery will take place but he added that the IT industry will have a starring role to play in that recovery as customers focus on improving productivity and innovation.

According to Ballmer, the global economy is being "reset" in a "once in a lifetime" type of economic change. IT accounts for 50% of capital expenditure in the U.S.



CIOs Change Focus of Staffing Requirements

With the recent changes in the economy, many CIOs are focusing staffing requirements on factors like:

  • .NET, Java, PHP - It is not enough to know the core languages. As projects encompass disparate functionality, IT professionals need to know the big 3 of Web 2.0.
  • Rich Graphical Internet Applications - Flash is suddenly being used for more than just animations of politicians singing goofy songs. Flash has also sprouted additional functionality in the form of Flex and AIR. Flash's competitors, such as JavaFx and Silverlight, are also upping the ante on features and performance. To make things even more complicated, HTML 5 is incorporating all sorts of functionality, including database connectivity.
  • Web Based Application development - Management is demanding more and needs staff who really know how to work with the underlying technology at a "hand code" level.
  • Web services - IT groups who cannot work with Web services will find themselves relegated to legacy and maintenance roles.
  • People skills - Developers are being brought into more and more non-development meetings and processes to provide feedback. For example: the CFO cannot change the accounting rules without working with IT to update the systems; an operations manager cannot change a call center process without IT updating the CRM workflow. IT groups that can meet these challenges will be much more valuable to their employers - and highly sought after in the job market.
  • New programming languages - Languages like Ruby, Python, F#, and Groovy are not mainstream - but the ideas in them are. For example, the LINQ system in Microsoft's .NET is a direct descendant of functional programming techniques. Both Ruby and Python are becoming hot in some sectors, thanks to the Rails framework and Silverlight, respectively.
  • Flexible Methodologies - Many CIOs are either adopting flexible SDM or running proof-of-concept experiments. A proven track record of understanding and succeeding in a flexible SDM environment is a critical success factor for IT groups.
  • Enterprise Operational knowledge - Hand-in-hand with flexible SDM methodologies, development teams are increasingly being viewed as collaborators in the definition of projects. This means that IT groups who understand the enterprise problem are able to contribute to the project in a highly visible, valuable way.
  • Change Control and IT Service Management -  Thanks to the development of new, integrated stacks, like the Microsoft Visual Studio Team System, and the explosion in availability of high quality, open source environments, organizations without these tools are becoming much less common.
  • Mobile development - In 2008, mobile development left the launch pad, and over the next five years, it will become increasingly important. There are, of course, different approaches to mobile development: Web applications designed to work on mobile devices, RIAs aimed at that market, and applications that run directly on the devices. Regardless of which of these paths you choose, adding mobile development to your skill set will ensure that you are in demand for the future.


Rules of Engagement for Implementation of Social Networks

Rules of Engagement for Corporate Implementation of Social Networks

  1. Try out the applications - A first step is to see the features and functions of the existing social networks.  This includes:
    • Blogger
    • Facebook
    • LinkedIn
    • Twitter
    • YouTube
    • Wikipedia

This is like the PC explosion of the 70s and 80s.  If the technology group does not set rules and standards, the user community will take it upon themselves to integrate consumer apps into their work lives. 

You may find it useful to try out social networking with a low-cost pilot. Many open source tools are widely available to experiment with. Another option is hosted applications, which are easy to get up and running, and usually offer a small number of corporate licenses at a very low price.

  2. Set Modest Expectations - Do not promise management that an enterprise social network will unleash, ignite, or change the way things are done.  Sell a project as a pilot, with the option to walk away after a quarter or two if it does not work out.  Set reasonable goals for user adoption, and focus your initial deployment on a few groups that are eager for social networking tools.  Establish pragmatic metrics and measure business value. This will be the basis for an ROI analysis for senior management's approval prior to rollout.
  3. Do not Let Fear Strangle Growth - Many enterprises are wary of open social networks because they do not know what the networks will evolve to. Some executive management worries that employees will overdo the "social" aspects of these applications.

    CIOs are tempted to police employee-generated content, either through monitoring or pre-approving posts. Resist that temptation; it will have a chilling effect on participation. Employees need time to grow comfortable with speaking up, sharing ideas, and participating in company-wide conversations. A social networking project will likely wither before it has a chance to grow if people fear the thought police.
  4. Develop Open Social Networks - CIOs and CFOs have a tendency to control and push to build gated networks, but that approach defeats the purpose of a social network.
  5. Build a Search Capability From Day One - A poor index and search engine makes the social applications less useful.  A primary requirement is to have strong "Google type" search capabilities and road maps.  Allow for user-generated feedback such as tags and content-rating systems, because the point of social networking in business is to let people provide input into the relevancy of content and people.
  6. http://www.it-toolkits.com/Security.htm - Have the ability to integrate existing data but balance that with security and sensitive information policies and procedures.


Disaster Recovery / Business Continuity is Not the Place to Cut Costs

In today's business environment, many enterprises are looking for ways to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything that contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program?


Controlling Costs Driven by IT Infrastructure

There have been significant improvements in the tools available to support IT systems and improve the efficiency of IT help desks. In the area of enterprise wide applications or datacenter support services, vendors are increasingly looking to proactive and preventive support tools and utilities to provide the high-value support services required to avoid costly downtime situations. This technology, if deployed correctly, can accelerate a shift away from reactive maintenance to proactive and preventive support services, which can improve the efficiency of the current internal IT support staff, thus reducing the amount of time and resources that need to be dedicated to supporting the current environment.

  • Virtualization - Virtualization can provide enterprises with immediate cost avoidance as it can improve the utilization of the IT infrastructure.
  • Help desk - Automated tools can help in the support and the remediation of problems. By deploying these tools, enterprises can optimize the size and the responsibilities of help desk personnel.
  • Support Portfolio - Optimizing what is supported can provide enterprises with immediate cost savings.


Best Practices for Data Protection May Not be Enough

 A best practice solution for data protection is to use encryption to prevent the unauthorized from having access to information. However, encryption has a major weakness when it comes to information protection. When information has only been encrypted, once it is decrypted the authorized user cannot be prevented from doing whatever they like with the information. In fact, it is impossible for the sender of encrypted information to prevent its misuse by the authorized recipient. Therefore, while encryption controls are extremely valuable in some situations, they are not the answer to all the questions.

In addition, CIOs use access controls to try to protect information for which the IT group is the custodian. Access controls only really work inside the enterprise. Once you get outside the enterprise's network, it is almost impossible to maintain that control. Access controls were invented back in the mainframe era; they are simple, all-or-nothing limitations - read, write, append, delete, execute. They do not have the granular control of a Digital Rights Management (DRM) system. If you have access, then it is total and unmanaged.


Security policies for workstations become more complex

Many IT security policies require a multi-pronged approach to data security. For example, when setting up a new computer for a user, the IT department will require a BIOS (Basic Input/Output System) password for the system before the computer will start. BIOS password security varies in functionality. Some are computer system specific, meaning that the computer will not start without the proper password. Other BIOS passwords are hard disk drive specific, meaning that the hard drive will not be accessible without the proper password. Some computer BIOS employ one password for access control to the system and the hard disk drive.

To add a second level of protection, new IT security policies require full hard disk drive encryption. The most common full hard disk encryption software operates as a memory-resident program. When the computer starts up, the encryption software is loaded before the operating system starts and a pass-phrase or password prompt is required. After a successful login from the user, the software decrypts the hard disk drive sectors in memory, as they are needed. The process is reversed when writing to the hard disk drive. This leaves the hard disk drive in a constant state of encryption. The operating system and program applications function normally, without having to be aware of any encryption software.


Audit and security requirements of business partners

Electronic data that is transferred between an enterprise and its business partners is considered a business record and has specific audit and security requirements.  Included are:

  • Ability to recover files from the archive log to ensure non-repudiation by partner
  • Ability to access audit trails to prove compliance
  • Ability to access weekly compliance reports for each partner
  • Facility to encrypt sensitive files in transit
  • Ability to support all security protocols used by all trading partners
  • Ability to control access by certifying partners for file transfer


Security is Driven by Shifting Trends

The Information Technology environment has changed significantly, as several trends have dictated the need for a more robust approach to corporate security policies, including:

  • A trend towards mobility of information,
  • Theft of IT assets arising from a proliferation of mobile devices,
  • Increasing data privacy and data security concerns, and
  • Regulatory compliance mandated by recent legislation.

These factors have made it necessary for network administrators to design and implement comprehensive security policies to keep pace with the changing IT landscape. Effective solutions for these multifaceted problems require a layered approach comprised of products, policies and procedures that can work in concert to provide organizations with the broadest security blanket available.

A missing computer can result in compliance and privacy issues that can be very costly for organizations that store confidential data, including enterprise, government, healthcare and educational institutions. There is a relationship between computer theft, regulatory compliance and data security. CIOs and CSOs must combine policy, encryption, IT asset management and remote data deletion capabilities.


CIOs Do More With Less

Getting the most out of overworked and understaffed IT departments is a challenge. Now that we live in a period of economic turmoil, it is easily seen that most IT departments have to rise to the challenges of IT management with the existing number of people they have, or, more likely, even fewer.

IT organizations can ill afford to waste precious IT staff resources on relatively mundane tasks. What is required is a structured approach and infrastructure to automating as many IT processes as possible, with an eye towards creating a set of processes for managing core technology assets that frees members of the IT staff to concentrate on activities that add more value to the business.

Many IT organizations are caught up in a cycle of IT service and support that is anything but efficient. In fact, an ad hoc approach to IT support that meets SOA guidelines and ITSM requirements more often than not leads to a demoralized IT staff that begins to resent having to repeatedly perform the same routine tasks.

With everything that is happening today, it is clear that any help in the form of additional IT personnel is not likely to come. That means that existing IT personnel have to find a different approach to supporting the needs of the business without compromising the quality of the services they provide.

With those goals in mind, it is critical for IT organizations to plan their approach for delivering IT services by utilizing tools that proactively solve problems and resolve issues before they first generate a trouble ticket and inhibit end-user productivity.


Security Best Practices For Dealing with Terminated Employees

Janco recommends taking these steps to ensure that systems will be secure and data will be protected when employees exit:

  • Clearly and completely document each worker's access to the network, applications, servers and the physical building.
  • Shut down remote connections, including pcAnywhere systems and VPNs.
  • Invalidate usernames and passwords.
  • If the employee worked in IT, change root access and network access.
  • Shut down external access to the telephone system.
  • Make sure handhelds, smartphones and cell phones are turned in along with PCs and laptops.
  • Collect ID cards.
  • Use monitoring software to keep an eye on network traffic.


States Implement Data Security Regulations

Security Manual - Sarbanes-OxleyMassachusetts, Nevada, and New Jersey are in the process of imposing security regulations on businesses. In the case of Nevada, personal data must be encrypted if it is transmitted outside of a enterprise’s network. New Jersey is phasing in a set of data security mandates over a two-year period.

The most stringent is Massachusetts was written to apply to all organizations that handle the data of Massachusetts residents, whether the businesses are based in the state or not. The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has specified a long list of steps for protecting personal data and require companies to create wide-ranging internal security programs and policies. In addition, the OCABR defines personal data: as an individual's name along with his Social Security or driver's license number, or with a financial account number. In Nevada, bank and credit card numbers must also be accompanied by a PIN or password to meet the state's definition of personal data.

 

The regulations in these three states are expected to spawn a host of me-too measures in other states.



How to outsource successfully

Before going down the outsourcing path and selecting a vendor, you should:

  • Improve your internal operations before you consider outsourcing. There is no reason to leave easy savings for the outsourcer.
  • Implement a performance metrics and evaluation process. Establish metrics, evaluation processes and frequency for monitoring service-level performance.
  • Implement service level agreements (SLA). Establish baseline obligations for achieving specified targets for key-performance metrics and penalties for missing SLAs.
  • Identify outsourcers that have experience in your industry and enterprise size.
  • Create a model contract that has everything that you need, including termination penalties the outsourcer must pay if they do not meet your SLA metrics.
  • Identify incentives that could be available to the outsourcer if they perform at or above established service levels.

 



Security Threats Addressed by Janco

With the ever-increasing complexity of systems and multiple modes of access to business information, your enterprise security measures require ongoing attention, review and support. One of the greatest security challenges until now has been identifying all assets across the network to ensure coverage. Most automated tools on the market provide incomplete data and lack prioritized recommendations for remediation. In fact, typically:

  • 75% of network devices are out of compliance with corporate policy
  • 30% of network devices are End-of-Sale (EOS) and 20% are End-of-Life (EOL)
  • 25% of all devices are undocumented and unprotected by maintenance contracts


There are many threats to which all network users are exposed. Many of these masquerade as valid application traffic and pass traditional firewalls, which focus on network layer access. Today attacks are more dynamic, which necessitates deeper packet inspection and prevention strategies across multiple network layers. Combining expertise in security software, security appliances, and multi-core processors is necessary to address these issues.



1984 is just a few years too late

Google Inc. unveiled Google Latitude, an upgrade to Google Maps that allows people to track the exact location of friends or family through their mobile devices. Google Latitude not only shows the location of friends, but it can also be used to contact them via SMS, Google Talk or Gmail. Add to that the proactive advertising that is being tested, and everything that George Orwell wrote about is about to come true.

Proactive advertising is an approach in which large-screen billboards are paired with cameras and face recognition software to adjust what they advertise.

Many people will see proactive advertising and Latitude as great solutions, but the reality is that companies have yet again failed to deliver strong privacy and security. As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user's privacy and security are as limitless as the imagination of those who would abuse these two technologies.



Telecommuting Loses Some of Its Luster

Telecommuting has lost some of its luster as companies have begun to cut back and both employees and contractors see the importance of being visible to both management and key user groups. However, there still are benefits to both the enterprise and the staff member from telecommuting. They are:

  • Reduced infrastructure costs as enterprises increase head count, with savings associated with less office space, equipment, furniture, and related support expenses.
  • Increased staff productivity with a reduction in travel time plus the benefit of staff availability during non-work hours. In addition, it has been found that workers who work from home put in more time than those who just come into the office.
  • Increased ability to hire individuals outside of an enterprise's traditional labor pool markets. 


Job Picture Not Good - How Long Will Recession Last?

The unemployment rate jumped to 7.2 percent in December, the highest in 16 years, and will keep climbing as more corporations announce major job cuts.

Company           Job Cuts last week
Microsoft         5,000
Intel             6,000
United Airlines   1,000
Caterpillar       5,000
Home Depot        7,000
Sprint Nextel     8,000

© 2009 Janco Associates
 
  • Microsoft Corp. said it planned to cut thousands of jobs because of the recession, adding conditions were so uncertain that it could not accurately forecast its earnings and revenue for the coming six months. (MSNBC.com is a Microsoft-NBC Universal joint venture.)
  • Intel Corp. said it plans to cut up to 6,000 manufacturing jobs.
  • United Airlines parent UAL Corp. said it would get rid of 1,000 jobs, on top of 1,500 axed late last year.
  • Caterpillar said it was slashing up to 5,000 jobs on top of several earlier actions.  They added that earnings slid as mining companies and other customers scaled back purchases amid slumping commodity prices, the credit freeze and tough market conditions. The results reflect the troubled state of the global economy as Caterpillar's products are used worldwide in a range of industries.
  • Home Depot Inc. said it is cutting 7,000 jobs and closing its smaller Expo chain as the recession continues to batter the nation's housing market. The cuts will affect about 2 percent of its work force.
  • Sprint Nextel Corp., the No. 3 U.S. mobile service provider, said it would eliminate up to 8,000 jobs, or about 14 percent of its workforce, under a plan to cut labor costs.