This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Environmentally Friendly Products and Resources
For those who are looking for environmentally friendly products, the market has a nice selection from which to choose. Whether you re simply looking for products that are made with the environment in mind, or you are planning an event that specifically focus on environmental friendliness to increase awareness, you will find some great products from which to choose.
A great item that would be appreciated by anybody who received it is the Eclipse Solar Torch. Its super bright LED bulbs are powered by solar cells that can store a one hour power supply, which is renewable in normal sunlight. This solar torch comes packaged in a black magnetic gift box, and makes a great eco friendly promotional or gift item.
Another great item to help increase environmental awareness is the Programmable Shower Timer. It includes countdown timer with alarm, with handy suction cups for attaching to the shower wall. It is water resistant and steam proof, and can help raise awareness of water conservation. Of course, it also makes a great cooking timer as well, when it's not being used to help conserve water.
The Eco Satchel is a stylish way of encouraging recycling, being made from 51 recycled fabric. It includes front mesh pockets suitable for holding a water bottle, plenty of storage space, and an adjustable carrying strap. The Eco Lanyard is another good choice, being made from 100 bamboo material. Both of these items would make great corporate give away items.
The market carries a number of eco friendly writing instruments and paper products. Children as well as adults will love the Eco Crayon Set, which includes 12 multi colored crayons packaged in a convenient recycled cardboard tube holder, with pencil sharpener lid.
This set perfect for the budding artist in all of us, as well as being convenient, compact and environmentally friendly. The Eco Pen is manufactured from recycled cardboard, making it both unique as well as comfortable to write with. The Nova Corn Starch Pen twist action ball point pen is available in six frosted finish colors, or a multi color assorted mix, made from biodegradable plastic. The Transparent Corn Starch Ballpoint Pen is another good choice, available in five transparent colors or an assorted color mix. This pen is manufactured from a biodegradable material based on corn starch. In addition to any imprinting that you might choose for this pen, you can also select an optional I m made from corn starch and am biodegradable second imprint. The Two/Tone Corn Starch Ballpoint Pen is also another attractive biodegradable pen option, as are several other corn starch based pens. The Madeira Pen is an attractive and unique environmentally friendly item, made from recycled paper and a wood clip. The end caps of this click action ballpoint pen come in five different colors, or you can choose an assorted color mix. If you re looking for an environmentally friendly pencil, the Round Full Length Recycled Newspaper Pencil is a good choice, which comes sharpened without an eraser, in five colors or an assorted mix. The Green Writer Recycled Paper Pen not only made with a recycled paper barrel, but for extra fun, it writes with green colored ink, so it is truly a green pen. The Recycled Spiral Notebook and Pen is an especially nice set, including approximately 70 sheets of lined recycled paper, spiral bound with a recycled cardboard cover. In addition to any imprinting you might choose, the notebook cover includes a paper made from recycled material message at the bottom.
This set would make a great give away at your next corporate business meeting or training seminar.
If you know of any sites with environmentally friendly products, resources, information or services that belong here, particularly from Australia, please let us know.
Environmentally Friendly Promotional Products
Promos are proud to present a great selection of environmentally friendly promotional items. Our eco-friendly promotional products collection features recycled, biodegradable and organic items as well as hand-powered electronics. If you are searching for an ecologically friendly promotional solution, look no further.
Yildiray Gazi, Owner of Rave on Promotions, is a proud and leading supplier of printed promotional products in Australia with a vast range of quality item that can be printed or decorated to assist you in your next promotion or marketing program.1
Mixture of online and offline activities
Online and Offline Activities
The NetSmartz online materials provide a learning experience that children will enjoy and understand. These fun activities teach children what to watch out for online. Click on the links below to explore the animated activities that provide fun and interesting approaches to developing safe-surfing habits on the Internet. The online activities can be played and replayed in any order at any time. NetSmartz also provides offline activities designed to be printed out for use away from the computer. These games are a fun way to reinforce the Internet safety concepts taught in the online activities. It is a pleasure and an honor to address you. I am sorry that my schedule at UNESCO does not allow me to join you in person, but if you can't use the techniques of distance education at a conference like this one, then where can you use them? I have used this combination of video presentation followed by audio interaction many times before and found that it works well. I hope that will be the case today. The only slight problem is that I find these presentations seem to be remembered more clearly by those in the audience than a standard presentation from the podium. But of course I will have no memory of being in with you today - because I wasn't. So in two years' time, if you meet me and talk about this conference, I shall probably look blank. So, I wish you a successful conference and I hope that these introductory remarks will set the stage in a useful way. I have taken as my title Online and Offline: Getting the Mixture Right. I chose that title for two reasons. First, it seems to me to be a very important issue. Things are settling down now, but seared into my memory is the dot.com frenzy that lasted from about November 1999 to March 2000. It is already hard to recall, but at that time many commentators were saying that the Internet would sweep away all previous forms of education. Even distance education would go the way of the dodo unless it was delivered entirely onto computer screens over the Net. I remember that period of Internet hype very clearly because I was heading the UKOU Open University and we were also just starting the United States Open University. At that time the UK Open University had a track record of thirty years of service to more than two million students. It did not seem plausible that our 200,000 current students would abandon us overnight if we didn't move 100% to the Net. Nevertheless, the conviction of the Net fanatics was so strong and the hype so all pervasive, that I began to have my doubts. Fortunately my colleague Diana Lorillard, who is one of world's wisest observers of the educational technology scene, stiffened my spine and convinced me that evolution, not revolution, was the way to deal with the Net. At that moment, as I said, we were also in the process of setting up the United States Open University. While we fully intended to make greater use of the Net in that operation from the very start, we also intended that it should be a multiple media distance education system rather than a 100% net operation. The atmosphere of that period of Internet hype was well symbolized by a very aggressive educational dot.com start up in the United States which decided that access to Open University materials was the key to leveraging itself to success in the market. Their desire to hold us in a close embrace was at first embarrassing and then rather tiresome. I remember the moment, towards the end of 1999, when the CEO of the dot.com told us,
"If you don't agree to a partnership with us we will buy the Open University".
I let that pass and by March of the following year the dot.com that had been chasing us was, like many of its fellow dotcoms, up for sale itself. Meanwhile the Open University continued to evolve toward the Net in an organic way. Each month about 5,000 of our students acquired an Internet connection so the numbers grew quite fast, although at that time we were only just passing the halfway mark in the proportion of our students who could communicate with the University online. Today some 150,000 of the Open University's 180,000 students are online, which probably makes it the world's largest virtual university by a large margin -although I do not like the term virtual university.
So, most of the students are online. What do we do about that? How do we use the net in our relationships with them: in teaching, learning, student services, administration and so on. In particular, how do we get the mixture right when we combine online and offline activities? I'll come back to that, but let me also mention the second reason for my choice of title. I was lucky enough to be in the right place at the right time when distance education began the process of modernization that has led us to where we are today. When I was in my first teaching job at the Ecole Polytechnique of the University de Montréal I enrolled as a part-time student in a Master's programmed in Educational Technology at what was then Sir George Williams University - now Concordia. The programmed required a three-month internship and I elected to do mine at the UK Open University. The UKOU was then only in its second year of operation but already it was being talked about, all over the world, as a milestone in the use of technology in education. That summer at the Open University was a turning point in my career. I found the new institution exhilarating and inspiring.
Today's technologies such as CD-ROM and the Web allow a much greater degree of apparent interaction. However, the question of what constitutes effective interaction is still valid. CD-ROMs and websites respond to actions on the part of the student. But to what extent is this response personalized? If you make the same series of clicks as I do, will we both get the same response, or does the programmed remember something about our differences from previous sessions that leads it to respond to us differently? I suggest to you that whether the answer to this question is important depends on the nature of the task that the student is trying to carry out. The fact is that despite our best efforts most interactive programmers are not really very interactive in the sense of being personalized. That is because writing fully interactive tutorial programmers that adapt themselves to your learning style and reflect all your previous study sessions with them is painstaking and expensive - at least for sophisticated learning at university level. In order to justify that expense an institution needs to amortize those costs over very large numbers of students. Let me pause here to note that I am still in the process of giving you the second reason why I chose my title. But I don't apologies because I hope you can see that I am leading you towards a way of thinking about using online technologies in education. I am saying that today's technologies can reproduce some of the characteristics of interaction with a real person. To the extent that they do so in a way that the user judges to be successful they are an economic breakthrough for distance education. That is because they share the characteristics of the independent learning activities that I mentioned earlier, namely that serving extra students with these media costs the institution almost nothing - the marginal cost per additional student is very low. This means that there is a strong incentive to use such technological systems wherever possible. If the student is happy, and it costs the institution less to provide the service, then we have a win-win situation - and presumably some of the costs saved can be passed on to the student.
The second strength, which I have already mentioned, is the communicative nature of online technology. The use of this medium to support asynchronous group discussion is widespread, although I suspect that the use of the techniques of moderation, which make it really effective, is less common. ICT can also be adaptive. I refer here to applications that allow students to manipulate a model - say of climate change - and get a much more powerful learning experience about the influence and the scale of different variables than they could by reading about it in a book or hearing a lecturer talk about it.
Finally ICT can be a productive medium. Some years ago the OU developed a technology called stadium that allows us to hold master classes over the Net to a worldwide audience of many thousands. You can also do this on a small scale. In our foreign language courses we group students in fours with a tutor and join them from home on the Net with full duplex audio. They discuss together while doing an exercise on the screen. One such exercise is about an organic farm. I conclude from this that ICT has the two key virtues. It supports active learning experiences and it supports wide access to a range of media and learning situations. The problem is that devising good active learning experiences is expensive because it requires a lot of work on the part of the teachers. In summary then, I suggest to you that online learning is a great advance for teachers and learners. At the same time it does not remove the value of all other approaches to teaching and learning and all the other media and technologies that we have found valuable. The challenge, as my title states, is to get the mixture right between online and offline activities. The mixture will vary by level of education, by subject, by student audience, and so on. The important thing is to address the implications of those variables and not to be transfixed by the idea that any kind of online learning is inherently superior. Today the slogan is: 'technology is the answer'. I encourage you to pause to ask: 'what is the question?' So far I have discussed this issue largely from the basis of my experience at the Open University. Let me conclude with a few remarks about the perspective that my new job at UNESCO is giving me on this. The challenge there is to harness ICTs in the service of Education for All, which is the key challenge I face. Today 220 million children get no schooling at all or not enough to have any impact. There are also 800 million adult illiterates, one in four of our world's adult population. Most of these disadvantaged people are girls and women.2
A software development process is a structure imposed on the development of a software product. Synonyms include software life cycle and software process. There are several models for such processes, each describing approaches to a variety of tasks or activities that take place during the process.
· Software development activities
· Implementation, testing and documenting
· Deployment and maintenance
· Iterative processes
· XP: Extreme Programming
· Waterfall processes
· Other models
· Formal methods
The largely growing body of software development organizations implements process methodologies. Many of them are in the defense industry, which in the U.S. requires a rating based on 'process models' to obtain contracts.
The international standard for describing the method of selecting, implementing and monitoring the life cycle for software is ISO 12207.
A decades-long goal has been to find repeatable, predictable processes that improve productivity and quality. Some try to systematize or formalize the seemingly unruly task of writing software. Others apply project management techniques to writing software. Without project management, software projects can easily be delivered late or over budget. With large numbers of software projects not meeting their expectations in terms of functionality, cost, or delivery schedule, effective project management appears to be lacking.
Organizations may create a Software Engineering Process Group (SEPG), which is the focal point for process improvement. Composed of line practitioners who have varied skills, the group is at the center of the collaborative effort of everyone in the organization who is involved with software engineering process improvement.
Software development activities
The activities of the software development process represented in the waterfall model. There are several other models to represent this process.
The important task in creating a software product is extracting the requirements or requirements analysis. Customers typically have an abstract idea of what they want as an end result, but not what software should do. Incomplete, ambiguous, or even contradictory requirements are recognized by skilled and experienced software engineers at this point. Frequently demonstrating live code may help reduce the risk that the requirements are incorrect.
Once the general requirements are gleaned from the client, an analysis of the scope of the development should be determined and clearly stated. This is often called a scope document.
Certain functionality may be out of scope of the project as a function of cost or as a result of unclear requirements at the start of development. If the development is done externally, this document can be considered a legal document so that if there are ever disputes, any ambiguity of what was promised to the client can be clarified.
Implementation, testing and documenting
Implementation is the part of the process where software engineers actually program the code for the project.
Software testing is an integral and important part of the software development process. This part of the process ensures that bugs are recognized as early as possible.
Documenting the internal design of software for the purpose of future maintenance and enhancement is done throughout development. This may also include the authoring of an API, be it external or internal.
Deployment and maintenance
Deployment starts after the code is appropriately tested, is approved for release and sold or otherwise distributed into a production environment.
Software Training and Support is important because a large percentage of software projects fail because the developers fail to realize that it doesn't matter how much time and planning a development team puts into creating software if nobody in an organization ends up using it. People are often resistant to change and avoid venturing into an unfamiliar area, so as a part of the deployment phase, it is very important to have training classes for new clients of your software.
Maintenance and enhancing software to cope with newly discovered problems or new requirements can take far more time than the initial development of the software. It may be necessary to add code that does not fit the original design to correct an unforeseen problem or it may be that a customer is requesting more functionality and code can be added to accommodate their requests. It is during this phase that customer calls come in and you see whether your testing was extensive enough to uncover the problems before customers do. If the labor cost of the maintenance phase exceeds 25% of the prior-phases' labor cost, then it is likely that the overall quality, of at least one prior phase, is poor. In that case, management should consider the option of rebuilding the system (or portions) before maintenance cost is out of control.
Iterative development prescribes the construction of initially small but ever larger portions of a software project to help all those involved to uncover important issues early before problems or faulty assumptions can lead to disaster. Iterative processes are preferred by commercial developers because it allows a potential of reaching the design goals of a customer who does not know how to define what they want. Agile software development processes are built on the foundation of iterative development. To that foundation they add a lighter, more people-centric viewpoint than traditional approaches. Agile processes use feedback, rather than planning, as their primary control mechanism. The feedback is driven by regular tests and releases of the evolving software.
XP: Extreme Programming
Extreme Programming (XP) is the best-known iterative process. In XP, the phases are carried out in extremely small (or "continuous") steps compared to the older, "batch" processes. The (intentionally incomplete) first pass through the steps might take a day or a week, rather than the months or years of each complete step in the Waterfall model. First, one writes automated tests, to provide concrete goals for development. Next is coding (by a pair of programmers), which is complete when all the tests pass, and the programmers can't think of any more tests that are needed. Design and architecture emerge out of refractory, and come after coding. Design is done by the same people who do the coding. (Only the last feature - merging design and code - is common to all the other agile processes.) The incomplete but functional system is deployed or demonstrated for (some subset of) the users (at least one of which is on the development team). At this point, the practitioners start again on writing tests for the next most important part of the system.
The waterfall model shows a process, where developers are to follow these steps in order:
- Requirements specification (AKA Verification or Analysis)
- Construction (AKA implementation or coding)
- Testing and debugging (AKA validation)
- Installation (AKA deployment)
After each step is finished, the process proceeds to the next step, just as builders don't revise the foundation of a house after the framing has been erected.
There is a misconception that the process has no provision for correcting errors in early steps (for example, in the requirements). In fact, this is where the domain of requirements management comes in, which includes change control. The counter argument, by critics to the process, is the significantly increased cost in correcting problems through introduction of iterations. This is also the factor that extends delivery time and makes this process increasingly unpopular even in high risk projects.
This approach is used in high risk projects, particularly large defense contracts. The problems in waterfall do not arise from "immature engineering practices, particularly in requirements analysis and requirements management."
Capability Maturity Model Integration
The Capability Maturity Model Integration (CMMI) is one of the leading models and based on best practice. Independent assessments grade organizations on how well they follow their defined processes, not on the quality of those processes or the software produced. CMMI has replaced CMM.
ISO 9000 describes standards for a formally organized process to manufacture a product and the methods of managing and monitoring progress. Although the standard was originally created for the manufacturing sector, ISO 9000 standards has been applied to software development as well. Like CMMI, certification with ISO 9000 does not guarantee the quality of the end result, only that formalized business processes have been followed.
ISO 15504, also known as Software Process Improvement Capability Determination (SPICE), is a "framework for the assessment of software processes". This standard is aimed at setting out a clear model for process comparison. SPICE is used much like CMMI. It models processes to manage, control, guide and monitor software development. This model is then used to measure what a development organization or project team actually does during software development. This information is analyzed to identify weaknesses and drive improvement. It also identifies strengths that can be continued or integrated into common practice for that organization or team.
Formal methods are mathematical approaches to solving software (and hardware) problems at the requirements, specification and design levels. Examples of formal methods include the B-Method, Petri nets, Automated theorem proving, RAISE and VDM. Various formal specification notations are available, such as the Z notation. More generally, automata theory can be used to build up and validate application behavior by designing a system of finite state machines.
Finite state machine (FSM) based methodologies allow executable software specification and by-passing of conventional coding (see virtual finite state machine or event driven finite state machine).
Formal methods are most likely to be applied in avionics software, particularly where the software is safety critical. Software safety assurance standards, such as DO178B demand formal methods at the highest level of categorization (Level A).
Formalization of software development is creeping in, in other places, with the application of Object Constraint Language (and specializations such as Java Modeling Language) and especially with Model-driven architecture allowing execution of designs, if not specifications.
Another emerging trend in software development is to write a specification in some form of logic (usually a variation of FOL), and then to directly execute the logic as though it were a program. The OWL language, based on Description Logic, is an example. There is also work on mapping some version of English (or another natural language) automatically to and from logic, and executing the logic directly. Examples are Attempt Controlled English, and Internet Business Logic, which does not seek to control the vocabulary or syntax. A feature of systems that support bidirectional English-logic mapping and direct execution of the logic is that they can be made to explain their results, in English, at the business or scientific level.3
The major benefits of having an effective security policy in palace for an online business
Effective Security Policy Messaging Important
Here's a three-step process for taking human factors into account in your security program (and even using them to your advantage). Let us begin with the premise that security policies exist to protect an entity's assets as it pursues the normal conduct of business. To ensure that those policies are effective, security professionals must first understand the social elements, including cultural and generational variances, that affect employee behavior and perceptions about security. With the implementation of a three-step process of discussion, creation and messaging, security policy can be successfully crafted-with consideration given to geographical, cultural and generational factors-while assuring resonance and understanding throughout the organization. A Cisco white paper, Data Leakage Worldwide: The Effectiveness of Security Policies, illustrates the apparent disparity between the perceptions of end users and IT professionals surrounding the existence, relevance, updating and communication of security policies. Just as businesses strive to understand their marketplace, they should also conduct internal market research to identify the key characteristics of their employee demographics.
To protect your employees, it is necessary to answer a number of rudimentary questions:
- What are the business's goals?
- Who is responsible and accountable for the business's success?
- Which individuals or business units are most affected by a certain policy?
- Who and what functions are you trying to protect?
- What social differences exist?
So let's look at some of these demographic challenges that an enterprise may face. In the geographic domain, a policy written for one audience may fail elsewhere if not fine-tuned for relevance. After all, cultural differences affect methods and styles of communication. For example, a message crafted for a highly technical audience in Asia may not have much success with a less technical group of employees in the U.S. who are used to a different communication style, and indeed one risks putting them to sleep or having them intellectually check out. Generational, how do we deal with individuals who are entering the workforce having collaborated and communicated openly using social media and other collaborative tools? Truly, this is an unprecedented challenge. The key to success is in the early transfer of responsibility to those engaged in making the business successful. Take steps to assist those who believe that "there are no secrets" and help them comprehend why their personal livelihood depends on protecting the corporate intellectual property and infrastructure.
New Findings Target IT Policies
To better understand employee behaviors that put corporate assets at risk, Cisco commissioned third-party market research firm Insight Express to conduct a study that examines data leakage around the world. Two surveys were conducted in 10 countries: Australia, Brazil, China, France, Germany, India, Italy, Japan, the United Kingdom, and the United States. These countries were selected based on their contrasting social and business cultures, as well as each workforce's relative tenure with the Internet and with corporate IP-based networks. In each country, 100 employees and 100 IT professionals were surveyed, producing a total of 2000 respondents.
These findings expand on the initial survey report, which examined data leakage from the perspective of employee behavior. Those results revealed a variety of risky behaviors and a widespread disregard for security policies. The prevalence of particular behaviors and the level of IT manager awareness concerning those behaviors varied throughout the world. The findings indicated that cultural differences can affect how employees and IT professionals address security issues and react to security directives.4
IT Policy Effectiveness Explored
The survey results reveal that the methods used to communicate security policies to employees and the perceived fairness of the policies are critical to success. The following data shows how security policies impact data leakage.
A Failure to Communicate
Three out of four companies surveyed have security policies. However, 40 percent of employees in the surveyed companies did not know that the security policies existed-and a surprising 20 percent of IT professionals were unaware of an existing security policy. Figure 3 shows the difference between the number of end users and the number of IT decision makers who are aware of a policy regarding acceptable use of company resources.
The Disconnect Between End User and IT Security Policy Awareness
Why is there such a disconnect between policy makers and the employees who must apply the policies every day to safeguard corporate data and assets? According to the survey results, one crucial reason is a lack of direct and consistent communication.
• 11 percent of employees say that security policies were never communicated to them or that they were never educated about the policy.
• Europe had the highest prevalence of this belief, where the United Kingdom (25 percent) and France (20 percent) far exceed the global average.
• Germany also has a high percentage of employees who claim that IT never communicates security policies to them (16 percent).
Businesses in the United States, China, Australia, and Japan tend to communicate security policies to new hires more often. Two out of three IT professionals in these countries claim that security policies are communicated to new employees. Yet those nations still reflect a significant gap in understanding between the IT and general user communities.
• In Japan, 66 percent of IT professionals claim they communicate security policies to every new hire, but only 35 percent of employees say they received that information.
• The United States had an even larger gap (42 percent), with 70 percent of IT professionals claiming that security policies are communicated to new hires and only 28 percent of the American employees saying they received these briefings.
Once employees are hired, new and updated security policies are often conveyed via email. Fifty-nine percent of employees and 68 percent of IT professionals say they receive or send emails on policy updates. But with so many email messages entering employee inboxes every day, the potential for an employee to ignore or accidentally delete an important communication from IT is high. And even when employees do read email regarding security policies, they might be less likely to retain the information or acknowledge the importance of the message than if the information was communicated in person.
Lack of Compliance
Creating security policies and communicating those policies to employees are important initial steps in safeguarding corporate assets. But these efforts have little value if employees don't understand or don't comply with the procedures. More than half of the employees surveyed admitted that they do not always abide by their companies' security policies. France featured the highest percentage (14 percent) of employees who admitted they adhere to policy sometimes, hardly at all, or never. India wasn't far behind, with 11 percent of employees admitting that they hardly ever or never abide by corporate policies.
Why Employees Don't Follow Security Procedures
Why do employees fail to follow security procedures that they admit have been communicated to them? Are policies being communicated without education or explanation? Are employees apathetic? Or worse, are they "insider threats" who purposely bypass security policies for personal gain? Table 1 shows some of the reasons that employees violate corporate IT policies.
According to survey results, only 22 percent of IT professionals believe that security education needs to be improved. A greater number of IT professionals believe that employees are wayward because they don't understand the risks of their behavior, because security is not a top-of-mind priority, or because they simply don't care. The data validates these beliefs. When asked why they altered security settings on computers to view unauthorized sites, for example, 52 percent simply replied that they wanted to view the site-regardless of its conflict with corporate policy.
It's perception of employee apathy is highest in France (57 percent), which parallels the French employee acknowledgment that they often ignore company policies. In China, 77 percent of IT professionals said security is not a top-of-mind concern for employees. Many IT professionals (41 percent) believe that employees are willing to engage in these risky behaviors because they think that IT will solve any problems that arise as a result, or that no one will know.
Consequences of Corporate IT Policy Violations
The consequences of violating corporate IT security policies are extensive and expensive. According to IT, virus containment is the leading consequence resulting from employees breaking security policies. In the United States, violations of security policies lead to extensive wireless network abuse, with almost half of respondents sharing this belief. IT respondents also believe that violating corporate policies leads to insider abuse, theft of devices such as laptop computers and mobile phones, and customer data loss or theft.
Create Security Policies that Work
The survey results show that the biggest risk to data loss is the lack of employee awareness of and compliance with existing security policies. IT professionals must look beyond the technical aspects of creating security policies to the human elements of awareness and compliance. That requires clear, pointed, and personal communication. In addition, IT must educate employees about the importance of observing security policies so they are willing to make compliance a priority every day. The following guidelines can help you create and enforce successful security policies.
A security policy is only successful if employees understand and regularly observe the procedures. Those in charge of corporate security must understand the level of employee awareness in order to determine whether security policies are effective. Conducting a survey can help you determine this level and take steps to raise awareness, if necessary. Some of the questions such a survey might include are:
• Do employees know that there are security policies?
• Do they know where to find them?
• Are the policies easily accessible?
• Have all the employees read the policies?
• Do the employees understand the policies?
Whether you are explaining security policies to new hires or sharing updates with employees, clear communication through established channels is critical. Look at how your company uses Web 2.0 and collaborative tools, and try to communicate your policies using those tools. Making sure that employees understand why they are being asked to comply with security policies is also an important aspect of communication. Additional communications guidelines include:
• Target communications for various user communities.
• Provide a list of policy updates in your annual training.
• Supplement primary communications vehicles with website and newsletter articles.
Once you've determined that employees are aware of security policies and that you are effectively communicating new policies and updates, the next challenge is convincing employees to comply with every policy, every day. Enforcement is a challenging proposition, but you can ease the enforcement burden and generate a higher level of compliance by creating realistic, workable policies.
• Create a manageable number of policies- Keep the number of policies manageable (preferably less than 12), so your users can more easily find the policy that they need.
• Make policies understandable for all audiences- Use language that is suited for an international audience to ease translation, with examples to illustrate how the user can comply with the policy.
• Make it easy to comply- If you make it difficult for users to comply with your policy, they won't. Consider including random employees in your policy review process to get some sense of the ease of compliance.
• Integrate security with business processes- Integrate security policy compliance into business processes, so employees won't need to bypass security procedures in the process of doing their jobs.
• Align policies with job requirements-Even well- intentioned policies can get in the way of job requirements. Faced with the choice of doing a superb job or complying with security policies, employees will most often choose to do a better job. Try to avoid this situation by creating practical policies that target only the most significant threats.
Integrate Security with the Corporate Culture
Integrating security into the corporate culture is an excellent way to convince busy employees and harried executives that security is central to business success. This approach can foster a feeling of community and encourage everyone to feel that their support of security policies is important.
• Make employees a partner in the security challenge- Employees will be more likely to support security initiatives if they feel that the security team is there to help them instead of to police them. Establish good relationships and use the awareness program to encourage business leaders to drive security within their organizations.
• Make security policy part of a larger compliance initiative- Work with your human resources, legal, and other compliance teams so that there is importance, credibility, and urgency attached to any policy training or communication.
• Tie security policies to your company's code of business conduct- Educate your employees to understand that their compliance with security initiatives is integral to overall appropriate behavior and critical to business success.5
References and Bibliography
2) J.S.Daniel and C.Marquis (1979) Independence and Interaction: Getting the Mixture Right, Teaching at a Distance, 14 pp. 29-44
J.S.Daniel (1983) Independence and Interaction in Distance Education: New Technologies for Home Study, Programmed Learning and Educational Technology (PLET), 20(3) pp. 155-160
J.S.Daniel (2001) Lessons from the Open University: Low-Tech Learning Often Works Best, The Chronicle of Higher Education, September 7, p. B24
D. Laurillard (2001) Rethinking University Teaching: A Framework for the Use of Educational Technology, Routledge
G.Salmon (2000) E-Moderating: the Key to Teaching and Learning Online, Kogan.
3) Government Accountability Report (January 2003). Report GAO-03-343, National Airspace System: Better Cost Data Could Improve FAA's Management of the Standard Terminal Automation Replacement System. Retrieved from,