Re: Employee Monitoring S/W

On Mar 27, 7:17 am, "Hesh" <maheshpandi...@xxxxxxxxx> wrote:
I understand this has always been a topic of debate. However, there
are no documents that I have come across which clearly states whether
it's a privacy violation or not. One of the docs is athttp://csrc.nist.gov/publications/nistbul/csl93-03.txt

The concern here is to monitor the employee activities w.r.t data
theft by the means of pen drives, CD / DVD RW, file uploads etc
largely by the laptop users. we have to enable these as many of them
are sales guys or users who are frequently traveling so this is just a
detective / corrective measure. The data that is carried is of
sensitive nature.

Though the s/w will be functioning in the stealth mode, the employees
will be getting a warning message that all the actions on these
business systems are monitored (as suggested by the most of the docs
available) and the access to the data collected by the monitoring
tools will be restricted to few users( a group of security admins)
only.

Regads,

On Mar 26, 9:01 pm, rober...@xxxxxxxxxxxx (Walter Roberson) wrote:



In article <1174894182.494886.105...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,

Hesh <maheshpandi...@xxxxxxxxx> wrote:
I'm currently evaluating the employee monitoring software and have
evaluated Spectorsoft and CWAT. I am looking for a software which can
monitor the employee PC activities(programs used, internet surfing,
document printing,screen snapshots etc..), also the data transferred
thru USB drives, CD / DVD RW, files uploaded to the websites with a
copy of the data transferred.
Please let me know if anybody has used / worked on any of such
products.

In the particular environment I work in, -some- of what you
describe would be deemed an illegal invasion of privacy. The
person doing the monitoring would also be exposed to confidential
email or documents that they did not have a "need to know", possibly
violating laws and probably violating confidentiality contracts.
For example, suppose an employee were (say) preparing a sexual
harassment complaint to be sent to Human Resources: such things
are seldom within the authority of the security manager to view.

Monitoring to the extent you describe could only be justified here
for environments in which employees would not be given unrestricted
internet surfing access, such as for defence department secret work;
what what be called here, "Protected/C" "disclosure of the information
could materially damage the security of the country".

I notice that you do not appear to be on the same continent I am,
so I have no idea what your local laws are; still I suggest that
you pass your plans by your corporate lawyer.- Hide quoted text -

- Show quoted text -

Whilst I can see what you mean, you're going about this the wrong way,
and the vendors of such "security software" are not going to tell you
this.

You should use a combination of Active Directory policies (assuming
Windows) and code of conduct policies to achieve this: viz:
* lock down the PC so users cannot alter network settings. Force
connection to internet to only go via a work VPN thru a web proxy.
Use filtering software to block undesirable sites, or just monitor
this periodically. Check for HTTP uploads, FTP access, etc.
* give them a firm code of conduct to physically sign that states
exactly what their work laptop is to be used for and what the
consequences of not adhering to that policy are, and what your
monitoring policy is. Get a lawyer to help write this or it's a
liability waiting to happen
* if you're worried about preventing print screen and the like, you
have the wrong employees. Nothing is going to stop them printing out
or taking a digital photo, or just writing out the data by hand.

In short, whilst it's tempting to try and put in a draconian system of
control, you need sensible restrictions backed up by a clear policy
document.

Ric

.

Relevant Pages

  • Re: Employee Monitoring S/W
    ... it's a privacy violation or not. ... The concern here is to monitor the employee activities w.r.t data ... violating laws and probably violating confidentiality contracts. ...
    (comp.security.misc)
  • Re: Security Breach... help needed
    ... system and network security so that access privileges can be ... revoked for that employee synchronized with the employee receiving notice. ... Monitor the perimeter often. ... System and network breaches don't ...
    (comp.security.firewalls)
  • Re: Packet sniffing problems
    ... >> asked me to set up a way to monitor employee surfing habits on our ... >> Windows 2000 server network. ... The company has every right to monitor the ...
    (comp.security.misc)
  • Re: [Patch][RFC] fcntl: add ability to stop monitored processes
    ... >> monitor). ... If you are trying to implement a security policy then the selinux ... *Neil Horman ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: Open_Source
    ... When he finds a Post-It on their monitor with a password (or something ... those LEDs were blinking at the exact rate of the transmitted data, ... regarding security and untrusted code. ...
    (freebsd-questions)