The Information Management Systems

Published Date: 02 Nov 2017

Every employer at some time during their business ownership will most likely encounter the unfortunate experience of having to terminate an employee’s employment. This recently occurred at the Broadway Café when an employee had to be terminated due to financial theft in addition to other areas of misconduct. This incident caused me to take pause to consider what other areas of theft from the Broadway Café could be vulnerable and how could I protect the business data while still building a sense of trust among the employees. I came to realize that developing an information management system policy needed to be implemented in swift order.

Higher level of management should be responsible for approving policies that dictate how employees access, create, store and dispose of information. It should also cover information regarding e-mail. The policy should also include employee conduct when using the internet, the amount of information that can be stored on hard drives or email folders.

When a new employee comes on board, they should receive immediate training on the aspects of the information management policies. If this is done, everyone including the employees will know and understand that they are expected to conduct themselves in a certain manner for the good of the business. Employees will be trusted to put the practices into their everyday tasks.

The information management systems policy at least the following policy areas:

Ethical Computer Use Policy: The policy should contain the general guidelines that establish the ethical use of the business computers during business hours. Employees should be informed of the rules and signed consent by the employee agreeing to abide by those rules should be obtained. The agreement should be reviewed and signed at least annually to provide reminders to the employees. An ethical use policy is the starting point and other policies can arise from it.

Information Privacy Policy: This policy contains general rules regarding the privacy of information. Most instances of information privacy misuse is used unintentionally in a new way in which it was not intended originally. The most misused information has been the Social Security Number. This number was originally used as a means to identify government benefits such as retirement, disability and Supplemental Security benefits. However, it became used as the normal personal identification numbers for driver licenses, bank accounts and a bevy of other areas that required an I/D number.

Acceptable Use Policy: This requires that an employee (user) agrees to follow the policy in order to be provided access to business email, information systems and the internet. In order for users not to be able to deny that it was he or she that accessed the actions, there is a contractual stipulation of non-repudiation. This is because when the user logs in, they do so using a unique username and password. Users must agree to not use the business service in an attempt to violate the law, to not attempt to break the security of a computer network or a user, to not post any commercial messages to groups without obtaining prior permission and to not perform any non-repudiation.

Internet Use Policy: Some employers will create a separate policy for this topic or it could be included as part of the Acceptable Use Policy. This policy provides the guidelines for internet usage. It should explain the internet services available to employees, Define and explain the business’ position regarding the purpose of the internet access and what the restrictions are that may be placed on that access.

Social Media Policy: Social media can provide many benefits to businesses if used in the correct manner. At the same time, it can provide severe risks caused by employees. By providing guidelines in this area those risks could be minimized. The policy should cover guidelines governing employee online communications relating trade name communications, employee and personal blog policies and employee and personal social network policies.

Email Privacy Policy: The policy provides detailed information regarding the extent to what email messages may be read by others (employers, managers). Email and instant messaging of widely used in businesses, but they can be stored on up to four computers, even when the email has been deleted. Generally, the organization owns the email system and can be as open and private as it chooses. There are surveys that indicate that many large corporations read employees email on a regular basis to ensure against confidential information leaks. Using a business email for personal use is not a good idea.

This policy should include information that clearly shows valid email users and explains what happens to email accounts after an employee leaves the business, explains the backup procedure so users will understand that even if an email is deleted it is still stored by the organization on some computer, explains the legitimate grounds for reading users email and the process required before such actions is performed, it deters employees from sending junk email or spam on business systems, deters employees from trying to send excessive amounts of email to a specific person or system that can cause the user’s server to stop working, and informs employees that the business has no control over email aafter it has been sent outside of the business.

This section can also include an anti-spam policy that just informs email users not to send unsolicited emails (spam). Keep in mind that it is not easy to determine this policy because it’s like one man’s trash is another man’s treasure. What is considered span to one person may be considered valued information to another.

Workplace Monitoring Policy: This policy explicitly informs how, when and where the business monitors the employees. The employer should be as specific as possible stating when and what will be monitored such as the network activity, email, instant messaging, internet, etc.). It should be communicated that the business reserves the right to monitor all employees. Very importantly, the policy should state the consequences that will be imposed if the policy is violated. Further, employers must enforce the policy the same for everyone.

Effectuating an Information Management Systems Policy will keep all employees and employers on point. If employees are aware that their computer usage is being monitored, they will be less likely to do something that is inappropriate. Management at Broadway Cafe should be able to properly assess the risk posed by employees within their business and employees need to be able to trust employers that their privacy will not be invaded needlessly. Risk-based approaches establish greater trust between employers and employees because the level of examination can be increased incrementally as needed. This approach is more efficient because the assessments are more targeted and balanced Employers can take a closer look at what can be learned from incidents that have already occurred and then make improvements to their risk management approach. I believe then the Broadway Café will be able to strike a good balance protecting the business information and building trust between their employees. Broadway Café can benefit from implementing all of the information management policies that have been listed above. Keeping the employees informed and involved in some of initial discussions will also make the employees feel that they are a part of the new implementations.

Broadway Café – Cohesion Café

Enterprise Architectures

Broadway Café is in the process of reviewing and considering a proposal submitted by our employee, Mr. Nick Zele to be the first to implement the new Broadband over powerlines (BPL) system that would allow our to experience a true plug-and-play internet connection from any power outlet in our store. While the concept sounds extremely efficient, there is still much to be considered.

The Federal Communications Commission passed new rules for BPL by loosening the prior restrictions that were initially in place and thus allowing BPL to become a more serious competitor to cable, broadband and digital subscriber’s lines. BPL allows the broadband transmissions to travel along the electrical power lines. However, there have been some health and safety organizations who are voicing concerns about the interference caused by data moving along electrical grids. The good thing about BPL is that it has the potential to allow power companies to become internet service providers as well. This could possibly eliminate some of the monopoly of the internet service providers.

BPL will fall within the realm of the IT Department and Senior Managers will need to be aware of how this would impact on their business. According to Om Malik (2010) some of the issues at hand are:

"BPL devices must be able to be shut down or adjusted remotely and must avoid using any specific frequency, which could cause disruption to radio signals.

BPL cannot operate near aeronautical and aircraft receivers, in so called "exclusion zones", which include Coast Guard and readio astronomy stations because BPL could issue electrical signals that carry the potential to interfere with those receivers.

Power companies will be required to conduct regular consultations with public safety agencies, federal government sensitive stations and.

Companies offering BPL will have to register with a notification database so that any firm or business which finds itself suffering from interference from BPL, or having any other concern with its transmission, can easily and immediately contact that particular BPL provider.

BPL systems will have to change equipment authorization from verification to certification. Verification allows anyone who appears to have the correct codes to access the infrastructure. Certification requires an installation in advance of approval codes, which is a more secure option.

A BPL offering for consumers has the potential to dramatically impact existing IT infrastructure.

IT may need to upgrade existing infrastructure."

From the research of this proposal, I have found that BPL has many bugs and just is not working very well. The City of Manassas, Virginia spent $1.6 million building and running the nation’s beggist BPL network discontinued the service after it had about 500 residential and 46 businesses. BPL cost the city $100,000 a month to maintain it. Consumers only paid $24.95 a month. It appears that BPL was not really intended for individual consumer use, but was intended mostly for monitoring the network itself.

The cost to maintain the BPL at the Broadway Café alone would not allow us to implement Mr. Zele’s proposal, not to mention the cost that would be needed to upgrade the existing infrastructure. This would not be a sound option for the Broadway Café at this time.