Skip to main content

How functional and secure AES is

How functional and secure AES is? The Philippine electorate will once again go to polls and decide who will lead the nation in the next six years of their lives. This important event which will elect new president, vice president and 12 senators for national posts, and seats are also being contested for provincial, city and municipal levels, is expected to be counted unofficially in 24 hours, concluded or canvassed officially in a few days or so but authorities and observers expected it to be done in less than a week. Last presidential election, it was known three days after close of election precincts. This is especially true for nation states, not only the Philippines, that conducts their elections using automated election or computerized-and-networked voting systems. In PH, the past automated elections were encumbered with technical issues and fraudulent results, uttered and written everywhere by many concerned and affected individuals and institutions alike. This time, we could say

Company IT policy

An organization can enjoin its stakeholders including but not limited to employees, (investors), vendors and service providers who were authorized and given temporary permission to utilize company owned computers, Internet, information and communications technology-related systems and its associated data for official business purposes only.     

The first paragraph alone for some company is already enough. Most of the time a part of the more authoritative business conduct and/or manual. Some would further state they have full authority to such systems and its data. The devices which comprise of laptops, desktops, smartphones, tablets and telephones, and through them is where numerous datatypes are process, and everything attached and installed onto them. Business and personal data, the source of data which may be from various, interrelated and third-party systems and however they are bound through organization’s systems including data transmission, messaging (cryptographically rendered, SMS, MMS, email and voice mail), office files, classified information such as administrative orders including but not limited to telephone conversation, and whether stored in storage and optical media or not. Everything has to be managed with reference to business conduct, standards and regulation’s mandate which shall be employed at all times.     

Monitoring the overall IT operational capabilities would warrant an organization to constantly and/or randomly review relevant systems, their mechanisms, protocols, practices applied as sanctioned, and information being accessed, their classification and permission attributes and activities that are employed along. Thus, it makes sure that such systems and data conforms to organization’s acceptable practices, which cause to facilitate and support its businesses and activities. Anyone found to abuse these systems and its data directly or indirectly may be subject to disciplinary actions up to the extent termination of employment.     

An IT policy is nothing without anybody being responsible for its regular appraisal. It’s the same thing for administrative orders and IT procedures. And how all of these will be put into context and be executed as a mean to enforce them logically and technically. It can mean that the IT team shall be charged to study, update, test and improve the documents which reflects actions and shall furnish the stakeholders their findings and reports. It may then be used for qualifying the changes required, if any, as per the provisions of IT or business manual and its corresponding policies. And then there is the regular review of the everything IT which can include policies, procedures, operations, future plans, emerging technologies, risk management, staffing and costing. 

This is just the big picture which is the IT itself. Systematic and elaborated policies can be written to consider the very actions being made to run business systems more effectively. Relevant policies may include IT risk policy, which is sometimes being placed under different business unit, IT operations policy, acquisitions, inventory, email use (yes, it is still there), new hire, reorganization and separation, security and privacy, disposal including but limited to adaptation and integration of new business applications. 

Comments

Popular posts from this blog

[TW] IT documents, audit and leaders

IT documents comes with different names such as the following: - Manual or handbook, - Policies and procedures, - Management systems, - Project plans. In the real world we have various names with unique descriptions and purposes when in fact they could be made to do a uniform direction for which actions are based for the entire IT initiatives, probably the longest in IT lifecycle is operation. The problem is our inclination on something else which is wrong. IT remains an IT area. Business remains a business area. The same problem is carried out when we conduct IT audit. Most audit are missing the gists in which IT is being used by businesses. We once said that an effective IT audit is conducted by IT people themselves but there is something wrong with that even. Business and accounting people have been doing it with a different bias and preconceived notions which doesn't make the cut for IT direction and audit respectively. Leaders play the same game and so the problem continues an

[TW] Technology impact on enterprises, consumer and data

The best time to learn the art and science of technology consulting or just the necessary practice required for a business not to be left behind or not to bleed cash unnessentially is now. Technology is magnanimous but it doesn't mean it has to continue being an alien to almost everyone. Technologies surrounding computers, the Internet, programmable devices, sensors, AI, differentiated network convergence and decentralized systems, data and content are gaining an unprecedented development and adaptation within, and greatly affecting, enterprises, societies and their people. It must be the more powerful that everyone become a learned stakeholder, not just an end-user and leave everything to the vendor, service provider and their technology counterparts. Smart cities are a giant technological upgrade and the experience must make people deal more for their lives in a better way. Why make everyone learn? Businesses can focus what matters to them. Technology can primarily help organizat