Employee Monitoring
Balancing Best Practices and Privacy

by Kevin Beaver, CISSP
founder and principal consultant
Principle Logic, LLC
kbeaver@principlelogic.com
www.principlelogic.com

Copyright © 2003, Principle Logic, LLC, All Rights Reserved.

Kevin Beaver

Information security consultant, author, and trainer

15+ years of IT/security experience

Specialize in security incident response, security assessments, network security, and security policy and strategy development

Author of the upcoming book Ethical Hacking for Dummies by John Wiley

Co-author of the new book The Practical Guide to HIPAA Privacy and Security Compliance by Auerbach Publications

Author of the new book The Definitive Guide to Email Management and Security by Realtimepublishers.com

Columnist and information security advisor for SearchSecurity.com, SearchMobileComputing.com, ITSecurity.com, and HCPro’s Briefings on HIPAA newsletter

Hold CISSP, MCSE, MCNE, and IT Project+ certifications

Bachelor’s in Computer Engineering Technology from Southern Polytechnic State University and Master’s in Management of Technology from Georgia Tech

What We’ll Cover

Benefits of employee monitoring

When employee monitoring won't work

Implementing an employee monitoring program

Tips for effective employee monitoring policies

Case studies on employee monitoring

Good resources on the subject

BTW – I’m not a lawyer… This isn’t legal advice. Please obtain professional advice that’s tailored to your particular needs!

Questions to Consider

Have you thought about monitoring your employees’ computer and Internet usage?

Is this monitoring fair?

Do you go for what’s best for the company or your employees?

Benefits of Employee Monitoring

Enhance employee productivity

Help catch trade secrets leaving the company

Protect the employees and business from sexual harassment, defamation, or illegal activity lawsuits

…Benefits of Employee Monitoring

Decrease network bandwidth consumption

Assist with storage capacity planning

Help with management and maintenance of information systems

Best Practice or Invasion of Privacy?

Before the Internet, this wasn’t an issue

Who’s doing this?

What about employee rights?

When Monitoring Won’t Work

Morale considerations

Micromanagement

Is this a good business decision?

Who’s Responsible?

Can users be trusted?

Enforcement of employee monitoring

This is a two-way street

Can it Really Work?

Obtain and maintain buy-in

Treat people properly

Show the business value

Tell people what’s expected of them

Implementing the Program

Get others involved

Obtain buy-in

Look at the big picture – keep morale in check

Focus on expectations

Come up with a detailed plan

Develop policies and sanction plan

Get the word out

Creating Effective Policies

Be as specific as possible

If you say you’re going to do it, then do it…

Make your policies enforceable and enforce them – for everyone

Bottom line goal is to state “This is how we do it here.”

…Creating Effective Policies

Should consider including:

• The organization reserves the right…

• When

• What

• How

Technologies to Use

Low-tech and high-tech solutions

Content filtering software

Network analyzers

Desktop solutions

Real-World Case Studies

Finding a Balance

It’s not going to be easy at first

Don’t allow anything to be assumed

Use meaningful discretion

Never, ever let monitoring get in the way of productivity

Closing Thoughts

It’s up to you

Employers should (and do) have the right to decide how their own property is used

Talk to your lawyer and HR experts

Determine what makes the most business sense for your organization

It could be that the risk of monitoring is much less than the risk of not monitoring

THANKS!