Intranet evolution, best practices, and case studies by Toby Ward.

September 2005
© 2006 Prescient Digital Media. All rights reserved. www.PrescientDigital.com
Protecting your goods

There’s an adage, old by the standards of the intranet age (intranets came to be mainstream in the early 90s), that says you shouldn’t put anything on the intranet that you wouldn’t put in print. It relates to the older adage that you shouldn’t print anything that you wouldn’t want anyone outside the company to read.

Your content is valuable. You wouldn’t want to share most of it with the outside world – especially the competition or media. However, if you are making content available via the intranet then it is possible it can be leaked externally. The number one leaking culprit, of course, is the employee.

 

There are three general positions or models to adopt vis-à-vis content protection:

 

  • Open market – publish just about anything you can on the corporate intranet.
  • Closed market – put severe constraints on what can be published.
  • Asynchronous market – a hybrid model that entrusts employees with a certain level of responsibility to maintain confidentiality.

My own personal opinion is that if you’ve hired and trusted an individual to do a job that the organization deems crucial enough to justify the pay then most individuals are trustworthy and not likely to leak confidential information to outside sources. On the other hand, I wouldn’t publish any corporate top secrets either. As such I recommend most companies adopt an asynchronous model that assumes a certain level of responsibility and trustworthiness of employees but does not make widely available all information and data to all employees.

 

Regardless, intranet and corporate information managers do have a responsibility to inform employees of their responsibility and to limit the organization’s liability. Such action includes the development of several policies:

 

  • Editorial policy
  • Terms of use
  • Acceptable use

Editorial policy

 

Your editorial policy is less of a legal security blanket and more of a definition of roles and responsibilities of those developing and maintaining online content. The editorial policy should include details on...

 

  • content types
  • style acceptability
  • news determinants (e.g. currency, impact, etc.)
  • formatting
  • archiving
  • photo treatments and bylines
  • content management system rules and directions
  • copyright and legal
  • privacy and security
  • governance including roles and responsibilities
  • taxonomy (classification)
  • site registration and indexing

Terms of use

 

Terms of use is a standard legal disclaimer. It states who owns the content, declares the copyright, disclaims accuracy of content, etc.

 

Acceptable use

 

Acceptable use spells out the rules. Thou shalt not...

 

  • Email content outside of the company.
  • Print and distribute content outside of the company.
  • Release content to any media outlet.
  • Rewrite or reproduce content for personal purposes or profit without the expressed written consent of the company (legal department).

 

Page footers

 

If you’re not already doing so make sure you have coded into your style sheets or CMS templates a footer that always includes the following:

 

  • A legal disclaimer
  • Terms of use
  • Copyright stamp
  • Name and email address of author
  • Date of publication

While clients have hired me to develop these policies and standards, the work is not really rocket science. It just takes a little time and thought that could save your organization some headaches in the future.

 

Securing your intranet from the inside

How secure is your intranet? The IT department has likely gone to great lengths to protect financial and customer systems and databases, but have they applied the same rigor to the intranet or portal?

 

Intranets and portals have grown exponentially since becoming mainstream in the early 1990s. Some are millions of pages large. However, the intranet has typically taken a backseat as the poor cousin to customer websites.

 

“Although media and management attention is focused on protecting external-facing sites from security threats, identity theft and other online vulnerabilities, intranets should not be overlooked,” writes Peter McKay, CEO of Watchfire, in a recent Federal Times article, “When securing information, don’t overlook intranet.” “These sites can easily be compromised, and government IT executives are now realizing the need to expand security and privacy practices to agency intranets.”

If you’re a communicator, HR or marketing person responsible for the intranet then you need to ask the right questions of your IT department. First and foremost is understanding what you have, what is available to a wider audience, and what is specifically being done to secure it.

“Only by understanding the intranet environment — the domains, websites, directories, content, servers, technologies in use, and the policies and standards in place — can agencies ensure that they have adequate control of this information and its delivery,” says McKay. “The first step is to conduct an agency wide (assessment) to evaluate the size and complexity of the intranet. By conducting a thorough assessment agencies can effectively evaluate risks. Managers can then make informed decisions about risk mitigation as well as server and application consolidation.”

Things to look for:

  • Identify systems and servers not up to date or otherwise not conforming to IT standards
  • Orphaned content and rogue intranet sites and servers
  • Applications that work or communicate outside the firewall
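
A sketch of how the three checks listed above could be run over an inventory, as an added example that is not from the original article. The baseline versions, site registry, host names and record fields are all assumptions, and the sample records are constructed.

```python
from datetime import date

# All values below are assumptions for illustration, not from the article.
APPROVED_MIN = {"apache": (2, 4), "iis": (10, 0)}  # assumed IT baseline
REGISTERED = {"hr.intranet.example", "news.intranet.example"}  # site registry
INTERNAL_SUFFIX = ".intranet.example"
STALE_AFTER_DAYS = 365

# Constructed sample of what an inventory crawl might report.
DISCOVERED = [
    {"host": "hr.intranet.example", "server": "Apache/2.4", "owner": "hr-web",
     "last_update": date(2024, 5, 2), "outbound": ["ldap.intranet.example"]},
    {"host": "news.intranet.example", "server": "IIS/8.5", "owner": "comms",
     "last_update": date(2024, 4, 20), "outbound": []},
    {"host": "oldteam.intranet.example", "server": "Apache/2.2", "owner": "",
     "last_update": date(2021, 1, 15), "outbound": ["stats.vendor.example"]},
]

def parse_server(banner):
    """Split 'Name/major.minor' into (name, (major, minor)); () if unknown."""
    name, _, ver = banner.lower().partition("/")
    return name, tuple(int(p) for p in ver.split(".")[:2] if p.isdigit())

def findings(site, today):
    """Return the list of problems found for one inventory record."""
    out = []
    name, ver = parse_server(site["server"])
    # Unknown software or a version below the baseline both fail the check.
    if name not in APPROVED_MIN or ver < APPROVED_MIN[name]:
        out.append("non-conforming server")
    if site["host"] not in REGISTERED:
        out.append("rogue site")
    if not site["owner"] or (today - site["last_update"]).days > STALE_AFTER_DAYS:
        out.append("orphaned content")
    external = [d for d in site["outbound"] if not d.endswith(INTERNAL_SUFFIX)]
    if external:
        out.append("talks outside firewall: " + ", ".join(external))
    return out

def triage(sites, today):
    """Map each host with at least one finding to its list of findings."""
    return {s["host"]: f for s in sites if (f := findings(s, today))}

if __name__ == "__main__":
    for host, found in triage(DISCOVERED, date(2024, 6, 1)).items():
        print(host, "->", "; ".join(found))
```
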

McKay recommends several key steps to “effectively manage the compliance risks and costs of managing agency intranets”:

• Conduct an inventory of internal Web properties to better understand the Web environment. Knowing how many sites and servers you have, the technologies in use, and the technology policies and standards your agency employs will create a more secure and productive intranet environment.

• Scan your intranet with an automated solution to identify vulnerable areas, including forms that may be inconsistent with internal privacy policies or may lead to information leaks.

• Understand what employee and citizen information is being collected and published on the Internet and intranet. The intranet is used to publish sensitive information, including human resources forms and employee health care information. Full knowledge of all online data-collection methods is critical to effectively managing Web privacy.

• Understand exactly who has access to this sensitive information. Proper technology and security controls will allow employees to see only the information required to do their jobs. Often, contractors are granted access without careful consideration for all the information they may have access to.

• Consider applicable security, privacy and accessibility legislation such as the 2002 Federal Information Security Management Act, the 2002 E-Government Act and the 1998 Rehabilitation Act amendments.