Affirmative position outsourcing is the practice of using outside
1. AFFIRMATIVE POSITION
Outsourcing is the practice of using outside for firms to perform
some of their work activities. Larger companies use outsourcing
practices to cut their costs, while small companies outsource
their payroll processing, distribution, and accounting functions.
The outsourcing method enables companies to obtain a
competitive advantage; it makes businesses adapt to changing
market conditions and challenges. It facilitates increased
efficiency, thus enables organizations to be more productive and
provide more outstanding quality. Also, outsourcing gives
organizations access to capabilities and facilities and improves
core business activities (Tayauova, 2012).
I support the concept of Outsourcing janitorial services at
Inoteech Corp for the following arguments; the practice of
outsourcing will help cut operational costs in practical ways.
For instance, the company will have the opportunity to hire and
terminating outsourced company's employees without hesitation
since employment terms are based on a contract basis. Also, the
company can negotiate the outsourced employees' salaries.
Another argument is based on the company's ability to provide
various products that contain critical information about the
company. Outsourcing of janitors results in the company having
no control over its employees' hiring, resulting in the loss of the
company's critical information, resulting in a decrease in
product sales (Anderson, Sweeney, Williams, Camm, &
Cochran, 2020)
An ethical framework that would support my stance on
outsourcing is Utilitarianism; this is the practice of executing
actions within an organization that are more useful to the
employees than the company itself. The organization strives for
operational efficiency, includes functions of maximizing
corporate sales, profits, and revenues. Therefore, when the
company decides to terminate the 40 workers from both Indiana
and Ohio facilities, it will help the organization cut operational
2. costs and benefit its employees through the ability to reduce
operating costs while improving the company's budget
(Anderson et al., 2020).
According to the above scenario, the fiduciary duties and social
responsibility include the following; first, fiduciary duty entails
establishing loyalty and commitment of care. In this situation,
my stance of outsourcing janitorial services must benefit the
organization; therefore, I am performing fiduciary duty by
helping the company reduce its operational costs to increase its
sales, revenue, and profits. Additionally, laying off the 40
employees from Indian and Ohio facilities protects the company
from losing critical information. Social responsibility is the
ability to work with my colleagues collaboratively to increase
the company's outputs. InfoTech Corp offers a variety of
products and services to its customers and society. It is my
social responsibility to ensure that the company continues
providing its services to the community (Coelho, McClure, &
Spry, 2003). The company can achieve this through the ability
to have a consistent flow of capital from its sales and revenue.
Therefore, this can be done by outsourcing janitors, which
provides an opportunity for the company to maximize its profits
through cutting costs.
References
Anderson, D. R., Sweeney, D. J., Williams, T. A., Camm, J. D.,
& Cochran, J. J. (2020). Essentials of modern business statistics
with Microsoft Excel. Cengage Learning.
Branch, B., & Merton, J. (2003). Fiduciary Duty and Social
Responsibility.
Coelho, P. R., McClure, J. E., & Spry, J. A. (2003). The social
responsibility of corporate management: A classical
critique. American journal of business.
Tayauova, G. (2012). Advantages and disadvantages of
outsourcing: analysis of outsourcing practices of Kazakhstan
banks. Procedia-Social and Behavioral Sciences, 41, 188-195.
3. Consensus Policy Resource Community
Security Response Plan Policy
Free Use Disclaimer:This policy was created by or for the
SANS Institute for the Internet community. All or parts of this
policy can be freely used for your organization. There is no
prior approval required. If you would like to contribute a new
policy or updated version of this policy, please send email to
[email protected].
Last Update Status:Updated June 20141 Overview
A Security Response Plan (SRP) provides the impetus for
security and business teams to integrate their efforts from the
perspective of awareness and communication, as well as
coordinated response in times of crisis (security vulnerability
identified or exploited). Specifically, an SRP defines a product
description, contact information, escalation paths, expected
service level agreements (SLA), severity and impact
classification, and mitigation/remediation timelines. By
requiring business units to incorporate an SRP as part of their
business continuity operations and as new products or services
are developed and prepared for release to consumers, ensures
that when an incident occurs, swift mitigation and remediation
ensues.
2 Purpose
The purpose of this policy is to establish the requirement that
all business units supported by the Infosec team develop and
maintain a security response plan. This ensures that security
incident management team has all the necessary information to
formulate a successful response should a specific security
incident occur.
3 Scope
This policy applies any established and defined business unity
4. or entity within the <Company Name>.Policy
The development, implementation, and execution of a Security
Response Plan (SRP) are the primary responsibility of the
specific business unit for whom the SRP is being developed in
cooperation with the Infosec Team. Business units are expected
to properly facilitate the SRP for applicable to the service or
products they are held accountable. The business unit security
coordinator or champion is further expected to work with the
<organizational information security unit> in the development
and maintenance of a Security Response Plan.
4.1 Service or Product Description
The product description in an SRP must clearly define the
service or application to be deployed with additional attention
to data flows, logical diagrams, architecture considered highly
useful.
4.2 Contact Information
The SRP must include contact information for dedicated team
members to be available during non-business hours should an
incident occur and escalation be required. This may be a 24/7
requirement depending on the defined business value of the
service or product, coupled with the impact to customer. The
SRP document must include all phone numbers and email
addresses for the dedicated team member(s).
4.3 Triage
The SRP must define triage steps to be coordinated with the
security incident management team in a cooperative manner
with the intended goal of swift security vulnerability mitigation.
This step typically includes validating the reported vulnerability
or compromise.
4.4 Identified Mitigations and Testing
The SRP must include a defined process for identifying and
testing mitigations prior to deployment. These details should
5. include both short-term mitigations as well as the remediation
process.
4.5 Mitigation and Remediation Timelines
The SRP must include levels of response to identified
vulnerabilities that define the expected timelines for repair
based on severity and impact to consumer, brand, and company.
These response guidelines should be carefully mapped to level
of severity determined for the reported vulnerability.
5 Policy Compliance
5.1 Compliance Measurement
Each business unit must be able to demonstrate they have a
written SRP in place, and that it is under version control and is
available via the web. The policy should be reviewed annually.
5.2 Exceptions
Any exception to this policy must be approved by the Infosec
Team in advance and have a written record.
5.3 Non-Compliance
Any business unit found to have violated (no SRP developed
prior to service or product deployment) this policy may be
subject to delays in service or product release until such a time
as the SRP is developed and approved. Responsible parties may
be subject to disciplinary action, up to and including
termination of employment, should a security incident occur in
the absence of an SRP6 Related Standards, Policies and
Processes
None. 7 Definitions and Terms
None.8 Revision HistoryDate of ChangeResponsibleSummary of
ChangeJune 2014SANS Policy TeamUpdated and converted to
new format.
SANS Institute 2014 – All Rights Reserved Page 3
6. Consensus Policy Resource Community
Employee Internet Use Monitoring and FilteringPolicy
Free Use Disclaimer:This policy was created by or for the
SANS Institute for the Internet community. All or parts of this
policy can be freely used for your organization. There is no
prior approval required. If you would like to contribute a new
policy or updated version of this policy, please send email to
[email protected].
Last Update Status: Retired1. Overview
See Purpose.2. Purpose
The purpose of this policy is to define standards for systems
that monitor and limit web use from any host within <Company
Name>'s network. These standards are designed to ensure
employees use the Internet in a safe and responsible manner,
and ensure that employee web use can be monitored or
researched during an incident.
3. Scope
This policy applies to all <Company Name> employees,
contractors, vendors and agents with a <Company Name>-
owned or personally-owned computer or workstation connected
to the <Company Name> network.
This policy applies to all end user initiated communications
between <Company Name>’s network and the Internet,
including web browsing, instant messaging, file transfer, file
sharing, and other standard and proprietary protocols. Server
to Server communications, such as SMTP traffic, backups,
automated data transfers or database communications are
excluded from this policy.
4. Policy
4.1 Web Site Monitoring
The Information Technology Department shall monitor Internet
7. use from all computers and devices connected to the corporate
network. For all traffic the monitoring system must record the
source IP Address, the date, the time, the protocol, and the
destination site or server. Where possible, the system should
record the User ID of the person or account initiating the
traffic. Internet Use records must be preserved for 180 days.
4.2 Access to Web Site Monitoring Reports
General trending and activity reports will be made available to
any employee as needed upon request to the Information
Technology Department. Computer Security Incident Response
Team (CSIRT) members may access all reports and data if
necessary to respond to a security incident. Internet Use reports
that identify specific users, sites, teams, or devices will only be
made available to associates outside the CSIRT upon written or
email request to Information Systems from a Human Resources
Representative.
3.3 Internet Use Filtering System
The Information Technology Department shall block access to
Internet websites and protocols that are deemed inappropriate
for <Company Name>’s corporate environment. The following
protocols and categories of websites should be blocked:
· Adult/Sexually Explicit Material
· Advertisements & Pop-Ups
· Chat and Instant Messaging
· Gambling
· Hacking
· Illegal Drugs
· Intimate Apparel and Swimwear
· Peer to Peer File Sharing
· Personals and Dating
· Social Network Services
· SPAM, Phishing and Fraud
· Spyware
· Tasteless and Offensive Content
8. · Violence, Intolerance and Hate
· Web Based Email
3.4 Internet Use Filtering Rule Changes
The Information Technology Department shall periodically
review and recommend changes to web and protocol filtering
rules. Human Resources shall review these recommendations
and decide if any changes are to be made. Changes to web and
protocol filtering rules will be recorded in the Internet Use
Monitoring and Filtering Policy.
3.5 Internet Use Filtering Exceptions
If a site is mis-categorized, employees may request the site be
un-blocked by submitting a ticket to the Information
Technology help desk. An IT employee will review the request
and un-block the site if it is mis-categorized.
Employees may access blocked sites with permission if
appropriate and necessary for business purposes. If an
employee needs access to a site that is blocked and
appropriately categorized, they must submit a request to their
Human Resources representative. HR will present all approved
exception requests to Information Technology in writing or by
email. Information Technology will unblock that site or
category for that associate only. Information Technology will
track approved exceptions and report on them upon request.
5. Policy Compliance
5.1 Compliance Measurement
The Infosec team will verify compliance to this policy through
various methods, including but not limited to, periodic walk-
thrus, video monitoring, business tool reports, internal and
external audits, and feedback to the policy owner. 5.2
Exceptions
Any exception to the policy must be approved by the Infosec
team in advance. 5.3 Non-Compliance
An employee found to have violated this policy may be subject
9. to disciplinary action, up to and including termination of
employment. 6 Related Standards, Policies and Processes
None.
7 Definitions and Terms
The following definition and terms can be found in the SANS
Glossary located at:
https://www.sans.org/security-resources/glossary-of-terms/
· Peer to Peer File Sharing
· Social Networking Services
· SPAM
· Phishing
· Hacking8 Revision HistoryDate of
ChangeResponsibleSummary of ChangeJuly 2014SANS Policy
TeamConverted to new format and retired
SANS Institute 2014 – All Rights Reserved Page 1
Consensus Policy Resource Community
Remote Access Policy1. Overview
Remote access to our corporate network is essential to maintain
our Team’s productivity, but in many cases this remote access
originates from networks that may already be compromised or
are at a significantly lower security posture than our corporate
network. While these remote networks are beyond the control
of Hypergolic Reactions, LLC policy, we must mitigate these
external risks the best of our ability.2. Purpose
The purpose of this policy is to define rules and requirements
for connecting to <Company Name>'s network from any host.
These rules and requirements are designed to minimize the
10. potential exposure to <Company Name> from damages which
may result from unauthorized use of <Company Name>
resources. Damages include the loss of sensitive or company
confidential data, intellectual property, damage to public image,
damage to critical <Company Name> internal systems, and fines
or other financial liabilities incurred as a result of those losses.
3. Scope
This policy applies to all <Company Name> employees,
contractors, vendors and agents with a <Company Name>-
owned or personally-owned computer or workstation used to
connect to the <Company Name> network. This policy applies
to remote access connections used to do work on behalf of
<Company Name>, including reading or sending email and
viewing intranet web resources. This policy covers any and all
technical implementations of remote access used to connect to
<Company Name> networks.
4. Policy
It is the responsibility of <Company Name> employees,
contractors, vendors and agents with remote access privileges to
<Company Name>'s corporate network to ensure that their
remote access connection is given the same consideration as the
user's on-site connection to <Company Name>.
General access to the Internet for recreational use through the
<Company Name> network is strictly limited to <Company
Name> employees, contractors, vendors and agents (hereafter
referred to as “Authorized Users”). When accessing the
<Company Name> network from a personal computer,
Authorized Users are responsible for preventing access to any
<Company Name> computer resources or data by non-
Authorized Users. Performance of illegal activities through the
<Company Name> network by any user (Authorized or
otherwise) is prohibited. The Authorized User bears
responsibility for and consequences of misuse of the Authorized
User’s access. For further information and definitions, see the
Acceptable Use Policy.
11. Authorized Users will not use <Company Name> networks to
access the Internet for outside business interests.
For additional information regarding <Company Name>'s
remote access connection options, including how to obtain a
remote access login, free anti-virus software, troubleshooting,
etc., go to the Remote Access Services website (company url).
4.1 Requirements
4.1.1 Secure remote access must be strictly controlled with
encryption (i.e., Virtual Private Networks (VPNs)) and strong
pass-phrases. For further information see the Acceptable
Encryption Policy and the Password Policy.
4.1.2 Authorized Users shall protect their login and password,
even from family members.
4.1.3 While using a <Company Name>-owned computer to
remotely connect to <Company Name>'s corporate network,
Authorized Users shall ensure the remote host is not connected
to any other network at the same time, with the exception of
personal networks that are under their complete control or under
the complete control of an Authorized User or Third Party.
4.1.4 Use of external resources to conduct <Company Name>
business must be approved in advance by InfoSec and the
appropriate business unit manager.
4.1.5 All hosts that are connected to <Company Name> internal
networks via remote access technologies must use the most up-
to-date anti-virus software (place url to corporate software site
here), this includes personal computers. Third party connections
must comply with requirements as stated in the Third Party
Agreement.
4.1.6 Personal equipment used to connect to <Company
Name>'s networks must meet the requirements of <Company
Name>-owned equipment for remote access as stated in the
Hardware and Software Configuration Standards for Remote
Access to <Company Name> Networks.
12. 5. Policy Compliance
5.1 Compliance Measurement
The Infosec Team will verify compliance to this policy through
various methods, including but not limited to, periodic walk-
thrus, video monitoring, business tool reports, internal and
external audits, and inspection, and will provide feedback to the
policy owner and appropriate business unit manager. 5.2
Exceptions
Any exception to the policy must be approved by Remote
Access Services and the Infosec Team in advance. 5.3 Non-
Compliance
An employee found to have violated this policy may be subject
to disciplinary action, up to and including termination of
employment. 6 Related Standards, Policies and Processes
Please review the following policies for details of protecting
information when accessing the corporate network via remote
access methods, and acceptable use of <Company Name>’s
network:
· Acceptable Encryption Policy
· Acceptable Use Policy
· Password Policy
· Third Party Agreement
· Hardware and Software Configuration Standards for Remote
Access to <Company Name> Networks
7 Revision HistoryDate of ChangeResponsibleSummary of
ChangeJune 2014SANS Policy TeamUpdated and converted to
new format.April 2015Christopher Jarko
Added an Overview; created a group term for company
employees, contractors, etc. (“Authorized Users”); strengthened
the policy by explicitly limiting use of company resources to
Authorized Users only; combined Requirements when possible,
or eliminated Requirements better suited for a Standard (and
added a reference to that Standard); consolidated list of related
references to end of Policy.
13. SANS Institute 2014 – All Rights Reserved Page 3
Consensus Policy Resource Community
Acceptable Use Policy
Free Use Disclaimer:This policy was created by or for the
SANS Institute for the Internet community. All or parts of this
policy can be freely used for your organization. There is no
prior approval required. If you would like to contribute a new
policy or updated version of this policy, please send email to
[email protected].
Last Update Status: Updated June 20141. Overview
Infosec’s intentions for publishing an Acceptable Use Policy are
not to impose restrictions that are contrary to <Company
Name>’s established culture of openness, trust and integrity.
Infosec is committed to protecting <Company Name>'s
employees, partners and the company from illegal or damaging
actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not
limited to computer equipment, software, operating systems,
storage media, network accounts providing electronic mail,
WWW browsing, and FTP, are the property of <Company
Name>. These systems are to be used for business purposes in
serving the interests of the company, and of our clients and
customers in the course of normal operations. Please review
Human Resources policies for further details.
Effective security is a team effort involving the participation
and support of every <Company Name> employee and affiliate
who deals with information and/or information systems. It is the
responsibility of every computer user to know these guidelines,
and to conduct their activities accordingly.2. Purpose
The purpose of this policy is to outline the acceptable use of
14. computer equipment at <Company Name>. These rules are in
place to protect the employee and <Company Name>.
Inappropriate use exposes <Company Name> to risks incl uding
virus attacks, compromise of network systems and services, and
legal issues. 3. Scope
This policy applies to the use of information, electronic and
computing devices, and network resources to conduct
<Company Name> business or interact with internal networks
and business systems, whether owned or leased by <Company
Name>, the employee, or a third party. All employees,
contractors, consultants, temporary, and other workers at
<Company Name> and its subsidiaries are responsible for
exercising good judgment regarding appropriate use of
information, electronic devices, and network resources in
accordance with <Company Name> policies and standards, and
local laws and regulation. Exceptions to this policy are
documented in section 5.2
This policy applies to employees, contractors, consultants,
temporaries, and other workers at <Company Name>, including
all personnel affiliated with third parties. This policy applies to
all equipment that is owned or leased by <Company Name>. 4.
Policy
4.1 General Use and Ownership 4.1.1 <Company Name>
proprietary information stored on electronic and computing
devices whether owned or leased by <Company Name>, the
employee or a third party, remains the sole property of
<Company Name>. You must ensure through legal or technical
means that proprietary information is protected in accordance
with the Data Protection Standard.
4.1.2 You have a responsibility to promptly report the theft,
loss or unauthorized disclosure of <Company Name>
proprietary information.
4.1.3 You may access, use or share <Company Name>
15. proprietary information only to the extent it is authorized and
necessary to fulfill your assigned job duties.
4.1.4 Employees are responsible for exercising good judgment
regarding the reasonableness of personal use. Individual
departments are responsible for creating guidelines concerning
personal use of Internet/Intranet/Extranet systems. In the
absence of such policies, employees should be guided by
departmental policies on personal use, and if there is any
uncertainty, employees should consult their supervisor or
manager.
4.1.5 For security and network maintenance purposes,
authorized individuals within <Company Name> may monitor
equipment, systems and network traffic at any time, per
Infosec's Audit Policy.
4.1.6 <Company Name> reserves the right to audit networks and
systems on a periodic basis to ensure compliance with this
policy.
4.2 Security and Proprietary Information
4.2.1 All mobile and computing devices that connect to the
internal network must comply with the Minimum Access Policy.
4.2.2 System level and user level passwords must comply with
the Password Policy. Providing access to another individual,
either deliberately or through failure to secure its access, is
prohibited.
4.2.3 All computing devices must be secured with a password-
protected screensaver with the automatic activation feature set
to 10 minutes or less. You must lock the screen or log off when
the device is unattended.
4.2.4 Postings by employees from a <Company Name> email
address to newsgroups should contain a disclaimer stating that
the opinions expressed are strictly their own and not necessarily
those of <Company Name>, unless posting is in the course of
16. business duties.
4.2.5 Employees must use extreme caution when opening e-mail
attachments received from unknown senders, which may contain
malware.
4.3 Unacceptable Use
The following activities are, in general, prohibited. Employees
may be exempted from these restrictions during the course of
their legitimate job responsibilities (e.g., systems
administration staff may have a need to disable the network
access of a host if that host is disrupting production services).
Under no circumstances is an employee of <Company Name>
authorized to engage in any activity that is illegal under l ocal,
state, federal or international law while utilizing <Company
Name>-owned resources.
The lists below are by no means exhaustive, but attempt to
provide a framework for activities which fall into the category
of unacceptable use.
4.3.1 System and Network Activities
The following activities are strictly prohibited, with no
exceptions:
1. Violations of the rights of any person or company protected
by copyright, trade secret, patent or other intellectual property,
or similar laws or regulations, including, but not limited to, the
installation or distribution of "pirated" or other software
products that are not appropriately licensed for use by
<Company Name>.
2. Unauthorized copying of copyrighted material including, but
not limited to, digitization and distribution of photographs from
magazines, books or other copyrighted sources, copyrighted
music, and the installation of any copyrighted software for
which <Company Name> or the end user does not have an
active license is strictly prohibited.
3. Accessing data, a server or an account for any purpose other
than conducting <Company Name> business, even if you have
authorized access, is prohibited.
17. 4. Exporting software, technical information, encryption
software or technology, in violation of international or regional
export control laws, is illegal. The appropriate management
should be consulted prior to export of any material that is in
question.
5. Introduction of malicious programs into the network or server
(e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
6. Revealing your account password to others or allowing use of
your account by others. This includes family and other
household members when work is being done at home.
7. Using a <Company Name> computing asset to actively
engage in procuring or transmitting material that is in violation
of sexual harassment or hostile workplace laws in the user's
local jurisdiction.
8. Making fraudulent offers of products, items, or services
originating from any <Company Name> account.
9. Making statements about warranty, expressly or implied,
unless it is a part of normal job duties.
10. Effecting security breaches or disruptions of network
communication. Security breaches include, but are not limited
to, accessing data of which the employee is not an intended
recipient or logging into a server or account that the employee
is not expressly authorized to access, unless these duties are
within the scope of regular duties. For purposes of this section,
"disruption" includes, but is not limited to, network sniffing,
pinged floods, packet spoofing, denial of service, and forged
routing information for malicious purposes.
11. Port scanning or security scanning is expressly prohibited
unless prior notification to Infosec is made.
12. Executing any form of network monitoring which will
intercept data not intended for the employee's host, unless this
activity is a part of the employee's normal job/duty.
13. Circumventing user authentication or security of any host,
network or account.
14. Introducing honeypots, honeynets, or similar technology on
the <Company Name> network.
18. 15. Interfering with or denying service to any user other than
the employee's host (for example, denial of service attack).
16. Using any program/script/command, or sending messages of
any kind, with the intent to interfere with, or disable, a user's
terminal session, via any means, locally or via the
Internet/Intranet/Extranet.
17. Providing information about, or lists of, <Company Name>
employees to parties outside <Company Name>.
4.3.2 Email and Communication Activities
When using company resources to access and use the Internet,
users must realize theyrepresent the company. Whenever
employees state an affiliation to the company, they must also
clearly indicate that "the opinions expressed are my own and
not necessarily those of the company". Questions may be
addressed to the IT Department
1. Sending unsolicited email messages, including the sending of
"junk mail" or other advertising material to individuals who did
not specifically request such material (email spam).
2. Any form of harassment via email, telephone or paging,
whether through language, frequency, or size of messages.
3. Unauthorized use, or forging, of email header information.
4. Solicitation of email for any other email address, other than
that of the poster's account, with the intent to harass or to
collect replies.
5. Creating or forwarding "chain letters", "Ponzi" or other
"pyramid" schemes of any type.
6. Use of unsolicited email originating from within <Company
Name>'s networks of other Internet/Intranet/Extranet service
providers on behalf of, or to advertise, any service hosted by
<Company Name> or connected via <Company Name>'s
network.
7. Posting the same or similar non-business-related messages to
large numbers of Usenet newsgroups (newsgroup spam).
4.3.3 Blogging and Social Media
19. 1. Blogging by employees, whether using <Company Name>’s
property and systems or personal computer systems, is also
subject to the terms and restrictions set forth in this Poli cy.
Limited and occasional use of <Company Name>’s systems to
engage in blogging is acceptable, provided that it is done in a
professional and responsible manner, does not otherwise violate
<Company Name>’s policy, is not detrimental to <Company
Name>’s best interests, and does not interfere with an
employee's regular work duties. Blogging from <Company
Name>’s systems is also subject to monitoring.
2. <Company Name>’s Confidential Information policy also
applies to blogging. As such, Employees are prohibited from
revealing any <Company> confidential or proprietary
information, trade secrets or any other material covered by
<Company>’s Confidential Information policy when engaged in
blogging.
3. Employees shall not engage in any blogging that may harm or
tarnish the image, reputation and/or goodwill of <Company
Name> and/or any of its employees. Employees are also
prohibited from making any discriminatory, disparaging,
defamatory or harassing comments when blogging or otherwise
engaging in any conduct prohibited by <Company Name>’s
Non-Discrimination and Anti-Harassment policy.
4. Employees may also not attribute personal statements,
opinions or beliefs to <Company Name> when engaged in
blogging. If an employee is expressing his or her beliefs and/or
opinions in blogs, the employee may not, expressly or
implicitly, represent themselves as an employee or
representative of <Company Name>. Employees assume any and
all risk associated with blogging.
5. Apart from following all laws pertaining to the handling and
disclosure of copyrighted or export controlled materials,
20. <Company Name>’s trademarks, logos and any other <Company
Name> intellectual property may also not be used in connection
with any blogging activity5. Policy Compliance
5.1 Compliance Measurement
The Infosec team will verify compliance to this policy through
various methods, including but not limited to, business tool
reports, internal and external audits, and feedback to the policy
owner. 5.2 Exceptions
Any exception to the policy must be approved by the Infosec
team in advance. 5.3 Non-Compliance
An employee found to have violated this policy may be subject
to disciplinary action, up to and including termination of
employment. 6. Related Standards, Policies and Processes
· Data Classification Policy
· Data Protection Standard
· Social Media Policy
· Minimum Access Policy
· Password Policy7. Definitions and Terms
The following definition and terms can be found in the SANS
Glossary located at:
https://www.sans.org/security-resources/glossary-of-terms/
· Blogging
· Honeypot
· Honeynet
· Proprietary Information
· Spam8. Revision HistoryDate of ChangeResponsibleSummary
of ChangeJune 2014SANS Policy TeamUpdated and converted
to new format
SANS Institute 2014 – All Rights Reserved Page 6
Many companies hire service employees either by offshoring or
onshoring. An onshoring is hiring employees domestically
wherein they advantage such as ease of communicating, since
you speak the same language, also easier counterpart risk
assessments regarding to say legal dispute resolutions since the
21. counter parties are local. Another benefit is political aspects
where onshoring can help the local communities by providing
jobs. Offshoring is when the companies hire service employees
from abroad, where they can save on cost as the production of
materials outside the country are many times cheaper than the
local country. To go offshoring a company gets widen range of
option in which sector they may go to hire employees, also
going abroad can help in easier scaling of employees if in case
there are not enough workers locally available.
Outsourcing janitorial service to a local company can help in
cost saving. When one hires a new staff, they must train the new
individual into the system and that costs money, by outsourcing
the service provider already has established the required
training required by the company so when they bring the
outsourced person in, they can immediately start working with
no extra cost. Another reason for outsourcing would be that if
your staff that quits or becomes suddenly unavailable to
multitudes of reason which would otherwise cost a lot of money
to hire someone new and manage what previous staff has last
left off on, and training them, the companies janitorial function
will continue as is, as the service provider would have someone
exactly what you would require immediately to replace the
worker.
One of the ethical frameworks that could apply to my
consideration of outsourcing is pragmatism. With pragmatism
we can solve a practical problem via scientific method as per
pragmatists such as John Dewey who used philosophy, science,
and politics to solve issues. If we look at the problem where in
the company wants to cost benefits in hiring the janitorial staff
via outsourcing, they are approaching the situation without
causing ethical distress in hiring and firing certain individuals
or losing money and time over those let go. As mentioned by
Susarla & Mukhopadhyay (2019) “the purpose of outsourcing is
to usher in organizational or strategic transformation” (p.930) -
Outsourcing service providers will take care of the exact
required needs of the company and deal with staff replacement
22. in case of someone being let go. This would be the most
practical and strategic way by outsourcing the janitorial staff.
The Fiduciary duties and social responsibility as play here is
that the company this working with the owners needs and
consent to cut down on operational cost by suggesting the way
of outsourcing. It will help the company maintain the regular
functions as is by outsourcing and without the ethical dilemmas
in dealing with hiring and firing of individuals due to cost
cutting.
References
Susarla, A., & Mukhopadhyay, T. (2019). Can Outsourcing of
Information Technology Foster Innovations in Client
Organizations? An Empirical Analysis. MIS Quarterly, 43(3),
929-A5. https://doi.org/10.25300/MISQ/2019/13535
less