MONITORING EMPLOYEE USE OF INTERNET: EMPLOYER'S PERSPECTIVE

By Erwin A. Alampay, Ph.D., Regina Hechanova
Philippine Daily Inquirer
Filed Under: Internet, Employees, Labor

THE EMERGENCE OF NEW and emerging information and communication technologies can no longer be ignored by organizations. Whether organizations provide it on their own or not, people are bringing these technologies to the workplace.

Internet access

Results show that providing access to the Internet is becoming the norm among organizations in the Philippines. Almost all the organizations that were surveyed reported providing access to their employees. Furthermore, among these organizations, 65 percent say reported that access to the Internet is made available to all its employees. The most popular reason given for providing access is for research and ease of communication.

Policy on ICT use

Organizations have resorted to various strategies for regulating access to the Internet and use of ICTs in general. However, less than half of organizations have written organizational policies for using organizational ICT facilities. Only 44 percent have reported having e-mail use policies, 48 percent have Internet use policies and 41 percent have instant messaging policies.

Restrictions and monitoring

Even though access is provided, the majority said they had restrictions on how the Internet was used. The majority of organizations block some online content and applications (58 percent).

Among companies that block access to sites, the most common sites reportedly blocked are pornography and gaming websites.

Most organizations monitor and review their Internet connections, with only a third not doing so. A quarter of the organizations perform constant monitoring, with another 20 percent conducting this routinely. Over a fifth actually monitor time spent on the Internet, while 45 percent monitor the content/sites being accessed and visited.

Implementation

The study also examined whether ICT policies have been implemented by organizations. Almost half reported that their organization had already disciplined an employee for improper use of the Internet, and 28 percent reported the same for improper e-mail use. The majority of offenders were issued formal reprimands, and 18 percent led to dismissals. For e-mail use, 72 percent were issued formal reprimands/warnings, and 9 percent were dismissed.

Findings clearly show there is still much room for improvement on policy development and monitoring of employee Internet use.

ACTIVITY..PROFESSIONAL ORGANIZATION

1. What are some benefits of joining the IT professional organization?

Someone who is skilled and qualified because joining a professional organization shows intelligence, commitment, and a willingness to seek and share knowledge. Professional organizations offer you another important job tool: The opportunity to attend their meetings, conferences, and seminars. If you're looking for a job, these events offer many opportunities to get your name out there. Showing up at these events is an investment that pays off because you'll get the inside track on job openings in your field.

2. Should an IT Professional either be licensed or certified? Why or why not?

IT professional for me should be licensed or certiified. In this situation, like other professions such as Accounting, Teaching, or Nursing, IT should have a license in which this proves that the skills of a certain IT professional are reliable and had passed the standard requirements. It allows them to measure their skills and knowledge whether they are competent and capable enough.

3. As an IT graduating students of the College, what Certification or Licensing you are aiming for? Why?

What I'm aiming for? my aim is to passed the A+ Examination to have a high qualified certificate and even more encourage myself to be qualified beyond the competition world of Information Technology.

Philippines Law Provisions and about Defamation

Under Article 353 of the Revised Penal Code of the Philippines, libel is defined as a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstance tending to discredit or cause the dishonor or contempt of a natural or juridical person, or to blacken the memory of one who is dead. Thus, the elements of libel are:
(a) imputation of a discreditable act or condition to another;
(b) publication of the imputation;
(c) identity of the person defamed; and,
(d) existence of malice.

PRESUMPTION OF MALICE:

The law also presumes that malice is present in every defamatory imputation. Thus, Article 354 of the Revised Penal Code provides that:

“Every defamatory imputation is presumed to be malicious, even if it be true, if no good intention and justifiable motive for making it is shown, except in the following cases:

1. A private communication made by any person to another in the performance of any legal, moral or social duty; and

2. A fair and true report, made in good faith, without any comments or remarks, of any judicial, legislative or other official proceedings which are not of confidential nature, or of any statement, report or speech delivered in said proceedings, or of any other act performed by public officers in the exercise of their functions.”

HOW COMMITTED:

Under Article 355 of the Revised Penal Code, libel may be committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means.

DEFENSES:

In every criminal prosecution for libel, the truth may be given in evidence to the court and if it appears that the matter charged as libelous is true, and, moreover, that it was published with good motives and for justifiable ends, the defendants shall be acquitted.

Proof of the truth of an imputation of an act or omission not constituting a crime shall not be admitted, unless the imputation shall have been made against Government employees with respect to facts related to the discharge of their official duties.

THERE IS NO STANDARD EXAMINATION IN INFORMATION
TECHNOLOGY COURSE

-ANSWER-

IT is a very very broad. If there's a board exam for it , it should cover a general aspect. Like Theory of Algorithms (you need algorithms to create programs), Software Engineering, Data Structures, Database Systems, Computer Architecture, Networking, Etc.

if not, at least follow the GRE for IT.

But then again, Certifications are there.

Considering myself as an IT Professional after my graduation

-the answer-

Yet, I really find of what will happen after my graduation in college being as an IT graduate. I had a question in myself also if I will be considered myself as an IT professional after my graduation. When I walked in, I told myself, if I get anything from this at all, I would consider it worthwhile. I knew I was going to learn lots of new and interesting things, but I never expected walking in, that I would get any Certifications, and I wasn't even sure if coming out I'd be able to find work in the IT field. I had a lack confidence, and perhaps self esteem in me and my own abilities. I worked hard, got good grades, and with some motivation from my instructors I found the courage to write my certifications.

WHAT IS PROFESSION?

A profession is a vocation founded upon specialised educational training, the purpose of which is to supply disinterested counsel and service to others, for a direct and definite compensation, wholly apart from expectation of other business gain"

WHAT IS PROFESSIONAL?

A professional is a member of a vocation founded upon specialised educational training.
The word professional traditionally means a person who has obtained a degree in a professional field. The term professional is used more generally to denote a white collar working person, or a person who performs commercially in a field typically reserved for hobbyists or amateurs.
In western nations, such as the United States, the term commonly describes highly educated, mostly salaried workers, who enjoy considerable work autonomy, a comfortable salary, and are commonly engaged in creative and intellectually challenging work.

Less technically, it may also refer to a person having impressive competence in a particular activity.

Because of the personal and confidential nature of many professional services and thus the necessity to place a great deal of trust in them, most professionals are held up to strict ethical and moral regulations.

Definition

Main criteria for professional include the following:

• Academic qualifications - A teaching degree (University doctoral program)theological, medical, or law degree - i.e., university college/institute.
• Expert and specialized knowledge in field which one is practicing professionally.Excellent manual/practical and literary skills in relation to profession.
• High quality work in (examples): creations, products, services, presentations, consultancy, primary/other research, administrative, marketing or other work endeavours.
• A high standard of professional ethics, behaviour and work activities while carrying out one's profession (as an employee, self-employed person, career, enterprise, business, company, or partnership/associate/colleague, etc).
• The professional owes a higher duty to a client, often a privilege of confidentiality, as well as a duty not to abandon the client just because he or she may not be able to pay or remunerate the professional.
• Often the professional is required to put the interest of the client ahead of his own interests.

Security Attacks

This page lists types of security attacks. This document will address security issues, measures, and policies which take these types of attacks into consideration.

1. DoS- Denial of Service
2. Trojan Horse - Comes with other software.
3. Virus - Reproduces itself by attaching to other executable files.
4. Worm - Self-reproducing program. Creates copies of itself. Worms that spread using e-mail address books are often called viruses.
5. Logic Bomb - Dormant until an event triggers it (Date, user action, random trigger, etc.)

Hacker Attacks

I use the term "hacker attacks" to indicate hacker attacks that are not automated by programs such as viruses, worms, or trojan horse programs. There are various forms that exploit weakneses in security. Many of these may cause loss of service or system crashes.

• IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results to this attack.
• The attack may be directed to a specific computer addressed as though it is from that same computer.
• Gaining access through source routing. Hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
• Man in the middle attack -
• Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session.
• Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client.
• DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be real practical as an attack form.
• Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.

Some DoS Attacks

• Ping broadcast - A ping request packet is sent to a broadcast network address where there are many hosts. The source address is shown in the packet to be the IP address of the computer to be attacked.
• Ping of death - An oversized ICMP datagram can crash IP devices that were made before 1996.
• Smurf - An attack where a ping request is sent to a broadcast network address with the sending address spoofed so many ping replies will come back to the victim and overload the ability of the victim to process the replies.
• Teardrop - a normal packet is sent. A second packet is sent which has a fragmentation offset claiming to be inside the first fragment.