It’s the dirty little un-secret we all know, but don’t want to talk about. Porn is alive and well in the workplace.

A 30-year-old man was charged with possessing child pornography after images allegedly were found on a computer at his workplace at the William J. Wrigley Company. Rory Griffin was charged with one count of possession of child pornography.

According to police officials from the Wrigley Co. notified police that technicians fixing a company computer found images that appeared to be child pornography, (see Wrigley Co. Worker Charged With Child Porn).

I personally know of one major brand ‘beverage’ company where the top three most surfed websites are all porn sites. I’m certain they’re not the only one.

In 1995, Chevron Corp. paid $2.2 million to settle a sexual harassment case brought by employees who were offended by an email titled "25 reasons beer is better than women." -- Combating porn in the workplace.

In 2004, the Internet Watch Foundation, the UK’s child porn watchdog, received 17,255 reports of illegal child images, 20% of which were websites. While more and more legislation is punishing those that indulge, the IWF said some managers feared finding themselves caught up in criminal proceedings.  An IWF survey of 200 firms found 74% of managers would not report guilty staff to the police and 40% would not take steps to discipline or dismiss them.

Changes to the Sexual Offences Act in England provided a conditional defence to protect network managers who need to store potentially illegal images of children as evidence. However, it is only valid if the incident is reported within a set amount of time. The age where a picture of a child is considered illegal has also been raised from 16 to 18.

While there are network programs that can block access to certain websites, or only allow access to certain approved websites, there is really very little that an employer can do to fully block workplace porn. If employees want it, they can get it.

The best approach is to treat employees like adults. Establish acceptable use policies and have employees agree to it. If you suspect that child porn may be downloaded, phone the police. Don’t attempt to do any forensics, call the police right away.

RELATED READING:

Protecting your goods

www.WiredSafety.org

© 2006 Toby Ward - Prescient Digital Media

One can spend a lot of money on IT. One CEO of an outrageously profitable financial services firm (who shall remain nameless at the risk of losing my head or shares) is known to say, despite the climbing profit, “we spend too much on IT.”

Alas, investing in the future is seen as desirable for some companies. But can we at least control the investment?

“As if bracing for each new technological development isn’t challenging enough, the IT function is further ex­pected to manage and implement these changes in an orderly “best practices” manner to help ensure continu­ity of IT deployment in all appropriate business pro­cesses,” states the Enterprise Management Associates’ white paper Service Management Made Simple For Mid-Sized Organizations. “This approach has ushered in the era of service management, where applications are viewed by end-users as utility-grade services available to authorized users throughout the networked company, rather than as siloed, discrete applications unique to individual users and departments.

The paper, prepared for Raritan, a supplier of solutions for managing IT infrastructure equipment, highlights the key attributes of an effective IT management service strategy:

• Integration – support a breadth of functionality (e.g., security, network management, application performance) from a single management view rather than requiring multiple monitoring tools and interfaces.
• Management of changing environments and conditions – Service management processes detect changes in configurations, new devices, applications and networks, sudden shifts in traffic flow or routing, denial of service attacks and other random or unexpected threats that can create havoc within any IT infrastructure.
• Modular deployment – A modular approach provides the best of both worlds – enabling an integrated, holistic management strategy that can conform to best practices, while enabling flexibility and choice in making management investments. Well-designed modular solutions should also be easy to deploy.
• Resilience and reliability – The design objective of service management best practices is to be adaptive to change, and since they are based on defined standards of performance, functionality and management, they are also highly reliable.

Of course, one of the keys is reporting and alerts including alarms and reporting on time to repair and time between failures.

Ultimately what Raritan and others in this space are selling are command center systems (NOCs) that integrate and monitor your infrastructure (“centralize the management of more than 10,000 devices with only one IP address”).

RELATED READING:

Securing your intranet requires more than just technology. In fact, employees represent your highest risk and point of breach.

CMPnet.com’s David Joachim covers the top 10 worst security practices in Lethal lapses:

1. If you find a security hole, buy a product to fix it.
2. Ignore the human element.
3. "Full speed ahead and damn the torpedoes" is our motto.
4. To run a tight ship, take an authoritarian approach.
5. Make access privileges an all or nothing proposition.
6. Treat all data as equal.
7. Back up everything, every night.
8. Perform audits and penetration tests infrequently, and in-house.
9. Endpoints for everyone.
10. Make sure security is highly visible, even intrusive.

“Most of these observations are about process and behavior rather than technology,” writes Joachim “That's not to say technology isn't important. But security pros generally have a mastery of bits and bytes and how to protect them. What's often missing is a sense of the big picture and how each separate alteration to the network affects the whole.”

RELATED READING:

Assessing your security risk

Best practices: securing your intranet

Email and intranet are biggest wireless threats

Securing your intranet from the inside