
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [217]


You should evaluate the SLA offered by the computer store and compare it to the manufacturer’s warranty and service options. Many retail computer stores can’t repair laptops in house, and they send most of them to the manufacturer for all but the simplest service. On the other hand, most laptop manufacturers offer a variety of service options including 24-hour delivery of replacement systems. You should verify the length of time it will take to have the store repair your laptop before you purchase an SLA. In some situations, a store’s repair program is more expensive and slower than a manufacturer’s repair program.

Code Escrow Agreements


Code escrow refers to the storage and conditions of release of source code provided by a vendor. For example, a code escrow agreement would stipulate how source code would be made available to customers in the event of a vendor’s bankruptcy.

If you contract with a software developer to perform a customized programming effort, your contract may not give you the right to access and view the source code this vendor creates. If you want changes made to the program’s functionality, you will be required to contract with the developer or integrator that installed it to perform those changes. This practice is common in applications software projects, such as setting up accounting systems.

In recent years, a number of software companies have been forced to close their doors due to trying economic times. In many cases, the software they sold has become orphanware—existing without support of any type. As a purchaser who must rely on applications for a number of years, you should try as hard as possible to avoid falling into situations like this.

If the vendor ceases operations, you won’t be able to obtain the source code to make further changes unless your agreement stipulates a code escrow clause. Unfortunately, this situation effectively makes your investment a dead-end street. Make sure your agreements provide you with either the source code for projects you’ve had done or a code escrow clause to acquire the software if the company goes out of business.

Generating Policies and Procedures

The policies and procedures your organization uses have a huge impact on your ability to manage a secure environment. Although your primary role isn’t that of policy maker, you need to understand four critical areas to succeed. The following sections discuss human resource policies and business, certificate, and incident-response policies.

Human Resource Policies

Human resource policies help the organization set standards and enforce behaviors. From a security perspective, this is critical. As a security administrator, you won’t generally be making policy decisions, but you have an impact on how policies are developed and enforced.

Human resource policies that consider security requirements will make your job easier. If the people the company hires are trustworthy, internal security problems will diminish. This will free up resources to address other aspects of the business that need attention. In the following sections, we’ll look at each type of personnel security policy.

Hiring Policies

Hiring policies define how individuals are brought into an organization. They also establish the process used to screen prospective employees for openings. Your organizational hiring policies should establish expectations for both the interviewer and the prospective employee.

Most organizations that work with the government have mandatory drug-testing requirements. Experience and studies have shown that drug users have a tendency to perform inconsistently, have a higher incidence of theft, and are vulnerable to social engineering or compromises such as blackmail.

Your organization should also investigate references, college degrees, certifications, and any other information that is provided as part of the screening process. Security professionals should be screened more thoroughly than many other employees. A special trust is being imparted to security professionals, and this trust
