good attempt at breaking down the legalese - handy book to have for reference. ( )

I guess I can count myself lucky. I've always worked with companies who operate on or near the cusp of the latest and greatest ubiquitous technologies. As such, a book detailing the legal liability versus personal freedoms with using such technologies in the workplace, did not provide me very much more information than I already knew, presenting suggested policies that I had seen repeated and rerepeated ad nauseum.

This book takes the reader, presumably an entity who is writing the technology policy for the company, and presents the pros, cons, and everything in between with allowing or disallowing employees to use certain things like smartphones or social media or blogs as part of their job, or even during their off time for personal reasons while on the job.

This may be of interest to people running their own businesses, looking for more information on writing policies that don't sound like they're carved into stone slabs; but for me, the part I found most interesting were the real-world examples.

If you're already working for a company that uses things like Facebook, Twitter, or Blackberries, odds are someone already knows all of this information and has put it into a policy you probably skimmed through on your first day on the job. Otherwise, this book may be good for you or your business. Just be sure to read it yourself before shuffling it up to your CEO, or else you may find that your company will have a more rigid stance on simple things like e-mail and blogging. :O ( )

What a great resource! I learned a lot but also the CD-Rom containing all the policies discussed in the book was worth its weight in gold.

This book is short and easy to read and includes all of the sample policies on a CD-ROM (rtf files). It is more focused on how to write policies so as to reduce the company's liability (i.e. exposure to lawsuits) than on how to write them so as to reduce losses (e.g. secrets getting out by social engineering). What was covered in the scope of this book was covered quite clearly and will help managers make the case for the policies as well as writing them.

However, above and beyond policies to not screw things up, how do you design your workplace so as to prevent screwing things up? I think that this book and something like Kevin Mitnick's books really need each other to round out the whole picture.

In addition, I believe it would help employees to see more specific examples at certain points in the policy. For example, is using a company email address when posting a blog comment (where only the blog's owner/moderator sees the email address) considered company-sponsored enough to require a disclaimer? What counts as confidential information that should not be stored on certain devices? (e.g. those who deal with HIPAA requirements get detailed training on exactly what can and cannot be revealed) What kinds of passwords and so forth must be set up?

Overall, I think this is useful, but I think employers need to know that the policy manual is only the first step in the process.

Possible erratum: p. 70, I suspect she means "incarnations" rather than "incantations," although technically the WWW is only a part of the Internet anyway. ( )

What really worked for me within the text was the explanations of why the different policies should be implemented. The real world examples were also an added advantage giving the reader a window into past experiences which could impact a current company. The sample policies within the text and on the CD provide an excellent opportunity for someone to build upon them and create a substantive policy for their company. What I thought was lacking was additional details on technologies such as flash drives which can be used to steal important documents and files or to load malicious files on the system. Additionally the remote access information was not very detailed since there are many types of remote access include VPN uses. I felt the book was more valuable as a tool in which updating policies or a desk reference would be the best use of the material. ( )