Topic: Workplaces to see more spats over after-hours  (Read 5060 times)

0 Members and 1 Guest are viewing this topic.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Workplaces to see more spats over after-hours
« on: June 26, 2008, 08:42:13 pm »
By Ellen Wulfhorst
Wed Jun 25, 1:34 PM ET
 


Should an employee get paid for reading a BlackBerry at the dinner table, sending an office e-mail or posting a job-related blog at home?

A spat at ABC News over paying writers to check their BlackBerries on their own time recently raised the issue, and such a dispute marks the leading edge of a deluge of unresolved and potentially heated cases to come in the United States, experts say.

The growing technical ability to work remotely, combined the growth of work-related legal disputes, is raising "lots of smaller-scope issues of this kind," said John Thompson, an expert in wage and hour law at Fisher & Phillips in Atlanta.

"We've never seen anything like it. Just the question of what is work and what isn't is a practically endless question," he said. "It is going to drive to the surface all kinds of issues that nobody's ever thought of before."

At ABC, under a longstanding contract waiver, writers who sporadically checked their BlackBerries after hours did not incur time-and-a-half overtime pay.

The union, the Writers Guild of America, East, challenged the waiver when three new writers were hired, and the company responded by taking away all writers' BlackBerries, ABC said.

The waiver was quickly reinstated, said Jeffrey Schneider, senior vice president of ABC News.

"We're glad to be back to the status quo where people can still check their BlackBerries and stay read in without incurring time-and-a-half overtime, which turns very quickly into a very big bill for a news division like ours," he said.

"We absolutely want to compensate people for overtime that they work, but that does not cover simply checking your e-mail," he added. "That would cover substantial work that gets done."

Simply checking a BlackBerry was not the union's concern, said Lowell Peterson, executive director of the Writers Guild, East. "Our folks are professionals. They're not going to start putting in overtime slips for 2.1 minutes.

"Our concern is we don't want this to grow into a major work commitment that people don't get paid for," he said.

The issue is not so much tapping out a brief message on a BlackBerry; it's the ability to write articles, post blogs, draft documents, research the Internet or sign contracts, all on a tiny, mobile, handheld gadget, experts say.

"Technology is going to continue to move in that direction," Peterson said. "It was important to us to make it clear that here's where we stand. This is not going to become an unpaid 24-7 workplace."

UNREASONABLE?

Productivity expert Laura Stack has little sympathy for the employee side of the argument.

"Show me one employee who doesn't waste time at work," the Colorado-based author said. "I see so much abuse of working hours by employees -- personal phone calls, socializing, checking eBay listings, booking personal travel, etc. -- that I don't believe it's unreasonable for an employer to want a bit of work on personal hours.

"If you don't want to be on call, don't be a doctor, a computer technician, or a reporter," she added.

As technology moves ahead, and the days when "having a pager was a great big deal" are gone, said Peterson, "We're going to have to trust people's common sense, on both sides."

Legal expert Thompson said many of the disputes could be decided on the basis of what in law is called "de minimis."

"What that means is, 'Is it too trivial for the law to mess with?"' he said.

Many cases, he said, arise when employees grow unhappy at work. "It's fine as long as everybody's happy," he said. "Once they cease being happy, they want to make an issue of it."

(Editing by Eric Beech and Jackie Frank)

MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline S'Raek

  • Commander
  • *
  • Posts: 3665
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #1 on: June 30, 2008, 03:02:36 pm »
That's the biggest link ever!  That said, it would depend to me if you are on salary.  If you are salary they have you.  If  you are an hourly employee then I can see where you could make a case.  I have a good friend that is the service manager at a John Deere dealership and he gets calls on his work phone at all hours of the evenings and weekends. 

Veritas vos Liberabit -- Semper Vigilo, Fortis, Paratus, et Fidelis

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Workplaces to see more spats over after-hours
« Reply #2 on: July 02, 2008, 02:29:12 pm »
Bah! I love my blackberry..from my cold dead hands dammit!

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Workplaces to see more spats over after-hours
« Reply #3 on: July 04, 2008, 02:23:14 pm »
I gave up on leading a personal life and still being able to survive many years ago. It is just not possible for honest hard working people. Work never stops, when it does, that must mean I am dead.

Dinner table? What's that?

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #4 on: July 08, 2008, 08:00:06 am »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #5 on: July 08, 2008, 08:48:53 am »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 

Cool. IT security and compliance?
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #6 on: July 08, 2008, 12:12:22 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 

Cool. IT security and compliance?

A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Project Manager.  I'm the guy who goes to the IT security officer and says, "Company practices are not strict enough here and here due to this regulatory requirement".  We're increasing controls beyond the minimum baseline you've established.  I do a lot of risk management and analysis.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Centurus

  • Old Mad Man Making Ship Again....Kinda?
  • Captain
  • *
  • Posts: 8505
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #7 on: July 08, 2008, 12:15:08 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 

Cool. IT security and compliance?

A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Progect Manager.

Do you have to undergo a federal background check to get work such as that?

Also, if you were Mr. Floppy, you probably would have said, "I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Progect Manager, but I'm all bunny."
The pen is truly mightier than the sword.  And considerably easier to write with.

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #8 on: July 08, 2008, 12:28:22 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 

Cool. IT security and compliance?

A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Progect Manager.

Do you have to undergo a federal background check to get work such as that?

Also, if you were Mr. Floppy, you probably would have said, "I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Progect Manager, but I'm all bunny."

Typically you undergo a background and credit check.  If you fill an information privacy role for the government you'll typically require a security clearance and a CIPP/G certification.  I have a CIPP (Certified Information Privacy Professional) certification (/g is for government), and am about to take my CISSP (Certified Information Systems Security Professional), since you need 5 years experience to even apply for the exam.

My boss wants me to certify as a project manager as well.



I'll post a redacted version of my resume so you can get a feel for my background.  Please excuse the formatting errors that will happen.

SUMMARY:

Versatile leader with experience in Departmental Management, Information Technology, Project Management, Data Center Operations, Information Security, Application Support, Change Management and Cost Center Management. Excellent leadership and people management skills.  Solid track record of delivering results by motivating staff to find resolutions to complex challenges.  Possesses the combination of education, practical experience and quantifiable results necessary to lead an IT group in a successful partnership with the core business.

PROFESSIONAL EXPERIENCE:

Fortune 100 Oil Company,                         2007 - Present
Information Compliance and Security Manager


Responsible for all aspects of security and compliance for retail payment environment conducting $4.6B in transactions annually         
Responsible for maintaining security best practices, PCI Compliance Program, and safeguarding of personally identifiable information.
Responsible for encryption key management process design and program oversight.
Triage of all credit card fraud incidents to identify violations of PCI, as well as violations of state laws regarding identity theft. 
Design all response protocols. 
Manage the investigation, remediation, and notifications required by PCI, as well as various state and local statutes.
Perform field compliance audits to ensure personnel and systems maintain PCI compliancy.  Audit PIN devices for compliance with industry regulations

Project manager for Sarbanes-Oxley and SAS-70 audit of Retail Payment Technology application development group.  Document financial environment and diagram financial systems workflows following currency from cash register, to settlement provider, to general ledger.


IT Pimps R' Us                        2004 - 2007
Project Manager

Project Manager and security consultant to bring PCI Level 1 retail merchant with 5,000 locations and over 1 million financial transactions per day into compliance with PCI requirements. 
Responsible for several ongoing projects to bring retail and mainframe financial settlement systems, applications, and processes into compliance with Sarbanes-Oxley requirements and Payment Card Industry (PCI) standards for credit card security.  Developed compliant work processes and incident response protocols.
Project includes an initial audit of all related platforms, scope definition, all pre-audits of involved IT systems, and managing all projects and sub-projects to correct deficiencies.  Efforts include replacing or augmenting work processes, application and hardware modifications, and documenting and auditing results.  Combined budget responsibility of $1.5 million.

Telecom Were Us (Until we filed  Chapter 11)    Tulsa, OK          1999 – 2003
Supervisor, Network Maintenance Engineering

Manage 11 employees responsible for the hardware, operating systems, databases, security, and applications monitoring North America’s largest next-generation fiber network. Systems included corporate financial and human resource systems (Peoplesoft), Livelink, and dozens of minor applications running on Unix and Windows NT platforms. Managed employees in remote offices. Managed $1M cost center.  Provided project management for all non-capital projects.

Responsible for security configurations and access controls for HP-UX, NT 4.0, and Sun Solaris environments.

 
Supervisor of Information Technology

Managed 12 employees providing systems support for real-time backbone broadcast network in a 24x7 mission critical video broadcasting environment for major cable news outlets.  Managed remote employees in Toronto office.  Participated in massive reorganizations on a near-quarterly basis.  Responsible for all aspects of employee management as well as providing budgetary forecasting and expense reconciliation for $1.2M cost center.  Responsible for systems integrity and security configurations. 

Supervisor, Network Operating Systems

Managed $4.5M department consisting of 12 employees responsible for back office, file and print and email services for enterprise of 12,000 end-users.  Responsible for implementation of security standards and configurations for back-office environment. 
Managed remote employees in Oklahoma, Colorado, Illinois, New Jersey, Virginia, Missouri, Texas, Alberta and Ontario. Developed and implemented plans to consolidate regional administration teams into enterprise group, with common standards and processes.  Guided the development of new enterprise processes.

Big PetroChemical Company, Clear Lake, TX                   1996 - 1999
Change Manager

Assisted in the development, refinement and implementation of change control processes and security change reviews for first North American petrochemical rollout of 5 SAP-R3 modules.  $900M project included new infrastructure, application and database environments with 12,000 roaming desktop workstations and back office systems. 

IT Analyst

Performed server configuration management in environment of 100 Windows NT servers, 25 Exchange Servers, 12 SMS servers and various miscellaneous application platforms.  Duties included creating software distribution packages, implementing security standards, providing access control,  building hardware configurations, and performing work on capital projects. 

IT Pimps R Us v. 1.0, Houston, TX                      1994 - 1996
Server Administrator

Provided server administration, system architecture, security configurations, access control, and migration services for various clients performing upgrades to Windows NT or Windows 95 systems.  Assembled and installed Compaq servers and workstations, provided help desk support and functioned as team technical lead for 9 installers.

Cumberland County Sheriff’s Dept, Fayetteville NC                1986 - 1990
Deputy Sheriff

Enforced laws and regulations, investigated crimes, and testified at trial.

EDUCATION:

University of Phoenix, Tulsa, OK
B.S., Business Management (With Honors),

Training & Certifications

•   CISSP Core Cirriculum
•   Certified Information Privacy Professional
•   The Big Pipeline Company Leadership Program, Management Curriculum
•   Introduction to SAP-R3
•   Microsoft Certified Trainer, Windows NT 4.0
•   Microsoft Product Specialist, Windows NT 4.0
•   United States Army Physical Security School
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Centurus

  • Old Mad Man Making Ship Again....Kinda?
  • Captain
  • *
  • Posts: 8505
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #9 on: July 08, 2008, 12:32:53 pm »
Pimps R' Us?  Can you help me get a job with them?
The pen is truly mightier than the sword.  And considerably easier to write with.

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #10 on: July 08, 2008, 12:46:24 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 


Cool. IT security and compliance?


A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Project Manager.  I'm the guy who goes to the IT security officer and says, "Company practices are not strict enough here and here due to this regulatory requirement".  We're increasing controls beyond the minimum baseline you've established.  I do a lot of risk management and analysis.


What's you opinion on FISMA, if you have one?

We do a lot of SCP and CISSP and CEH training here and I'm always curious how those in the security inductry see some of thes regs.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #11 on: July 08, 2008, 12:49:14 pm »
Draco--

You're boss is right, PMP/PMI is good. I think you might want to look into ITIL too.
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #12 on: July 08, 2008, 01:11:44 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 


Cool. IT security and compliance?


A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Project Manager.  I'm the guy who goes to the IT security officer and says, "Company practices are not strict enough here and here due to this regulatory requirement".  We're increasing controls beyond the minimum baseline you've established.  I do a lot of risk management and analysis.


What's you opinion on FISMA, if you have one?

We do a lot of SCP and CISSP and CEH training here and I'm always curious how those in the security inductry see some of thes regs.


What I am going to say next is my opinion only:

In the private sector we don't deal with FISMA much, other than some of its provisions are what became Sarbanes-Oxley for us.  That said, both FISMA and SoX, and PCI for that matter, are really compliance programs and thus they are Risk Management programs.  Just because you pass an audit doesn't really mean diddley-squat, other than you passed an audit that said at this particular point-in-time your program met some minimum standard.. maybe.. sometimes the auditors only sign off that they followed the methodology and didn't notice any deficiencies, but that doesn't mean deficiencies do not exist.

Personally, I like to build my security controls around ISO 27001 (NIST SP 800-53 for you government types).  800-53 is sort the the "mother of all security standards and controls".  The ISO is built on it, as are most of what came later.  Therefore, as a "baseline standard", if you are in compliance with ISO27001, you'll probably only need to make minor tweaks to your security to meet new requirements (such as PCI-DSS), because your program is built upon the foundation that the new requirement will probably use (thus reducing compliance costs over the long-haul, and reducing the number of "Compliance silos" your organization must maintain).

As for ITIL... ok.. how to explain this..bear with me..

There are basically 3 entities in the world that compromise world trade, and these standards and laws are very tied in with the model.  You have the OECD, or Organization for Economic Development and Cooperation.  The members of this group are governments and they issue laws, such as the EU Directives on Data Privacy, Sarbannes-Oxley, etc.  So you have component 1 of security, which are the legal requirements.

Now, in order for these members to interact there must be uniformity, such as weight & measures, values.. you know.. standards.. that's where ISO comes into play.  They write standards that ensure nations are doing things to the same level.  So aspect #2 of security.. standards.  It is also important to remember that the ISO standards are a matched set, if you are following 27001, you'll never do anything to endanger your manfacturing unit's ISO9001 certification, or your App Development team's 13331 (IIRC) processes.

The last group deals with how the money flows between nations.  This organization is called COSO, or the Committee of Sponsoring Organizations of the Treadway Commission.  This body deals with money, and CFO's, so naturally they are interested in governance.  Things such as the rules for accounting originate in this body, so naturally auditing will be closely tied to these rules.  Part 3 of security - Accountability

So, a lot of people misunderstand the differences between these groups and what exactly is going on.  I hear people say "is your IT security ITIL, or CoBit, or ISO?", when the answer should be "Yes".  ISO27001 would be the security controls around your environment, while ITIL would be the process for a help desk interfacing with customers (although it is morphing into something more), and CoBit would be the IT Governance model your CFO uses to validate controls (which should have been developed at the ISO level).

Here is a little slide I made for a presentation to our executives (Credits to David Cannon of CertTest):
« Last Edit: July 08, 2008, 01:25:30 pm by Dracho »
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #13 on: July 08, 2008, 01:13:52 pm »
Another way to think of it is like the "Fire Triangle".  Good security has 3 elements, and if one side is poor, your programs will fall out of compliance.

The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #14 on: July 08, 2008, 08:03:32 pm »
I'm in security & compliance.  I WANT my Palm (Blackberry, bah!).. it's like my air raid siren. 


Cool. IT security and compliance?


A weird hybrid position you find in large retailers handling PII or cedit card data in large volumes.

 I'm 1/3 Information Privacy Officer, 1/3 IT Security, and 1/3 Program / Project Manager.  I'm the guy who goes to the IT security officer and says, "Company practices are not strict enough here and here due to this regulatory requirement".  We're increasing controls beyond the minimum baseline you've established.  I do a lot of risk management and analysis.


What's you opinion on FISMA, if you have one?

We do a lot of SCP and CISSP and CEH training here and I'm always curious how those in the security inductry see some of thes regs.


What I am going to say next is my opinion only:

In the private sector we don't deal with FISMA much, other than some of its provisions are what became Sarbanes-Oxley for us.  That said, both FISMA and SoX, and PCI for that matter, are really compliance programs and thus they are Risk Management programs.  Just because you pass an audit doesn't really mean diddley-squat, other than you passed an audit that said at this particular point-in-time your program met some minimum standard.. maybe.. sometimes the auditors only sign off that they followed the methodology and didn't notice any deficiencies, but that doesn't mean deficiencies do not exist.

Personally, I like to build my security controls around ISO 27001 (NIST SP 800-53 for you government types).  800-53 is sort the the "mother of all security standards and controls".  The ISO is built on it, as are most of what came later.  Therefore, as a "baseline standard", if you are in compliance with ISO27001, you'll probably only need to make minor tweaks to your security to meet new requirements (such as PCI-DSS), because your program is built upon the foundation that the new requirement will probably use (thus reducing compliance costs over the long-haul, and reducing the number of "Compliance silos" your organization must maintain).

As for ITIL... ok.. how to explain this..bear with me..

There are basically 3 entities in the world that compromise world trade, and these standards and laws are very tied in with the model.  You have the OECD, or Organization for Economic Development and Cooperation.  The members of this group are governments and they issue laws, such as the EU Directives on Data Privacy, Sarbannes-Oxley, etc.  So you have component 1 of security, which are the legal requirements.

Now, in order for these members to interact there must be uniformity, such as weight & measures, values.. you know.. standards.. that's where ISO comes into play.  They write standards that ensure nations are doing things to the same level.  So aspect #2 of security.. standards.  It is also important to remember that the ISO standards are a matched set, if you are following 27001, you'll never do anything to endanger your manfacturing unit's ISO9001 certification, or your App Development team's 13331 (IIRC) processes.

The last group deals with how the money flows between nations.  This organization is called COSO, or the Committee of Sponsoring Organizations of the Treadway Commission.  This body deals with money, and CFO's, so naturally they are interested in governance.  Things such as the rules for accounting originate in this body, so naturally auditing will be closely tied to these rules.  Part 3 of security - Accountability

So, a lot of people misunderstand the differences between these groups and what exactly is going on.  I hear people say "is your IT security ITIL, or CoBit, or ISO?", when the answer should be "Yes".  ISO27001 would be the security controls around your environment, while ITIL would be the process for a help desk interfacing with customers (although it is morphing into something more), and CoBit would be the IT Governance model your CFO uses to validate controls (which should have been developed at the ISO level).

Here is a little slide I made for a presentation to our executives (Credits to David Cannon of CertTest):


Excellent. Can I use the image?
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista

Offline Dracho

  • Global Moderator
  • Rear Admiral
  • *
  • Posts: 18289
  • Gender: Male
Re: Workplaces to see more spats over after-hours
« Reply #15 on: July 08, 2008, 11:51:55 pm »
The diagram illustrating how the various standards interact is based on a diagram by David Cannon of CertTest, out of Dallas.  You should credit him if you use it.  The fire triangle analogy is my original work and you're welcome to use it.
The worst enemy of a good plan is the dream of a perfect plan.  - Karl von Clausewitz