Re: Employee Monitoring S/W
- From: "ric" <publicmail@xxxxxxxxxxxxxxxx>
- Date: 28 Mar 2007 02:52:32 -0700
On Mar 27, 7:17 am, "Hesh" <maheshpandi...@xxxxxxxxx> wrote:
I understand this has always been a topic of debate. However, there
are no documents that I have come across which clearly states whether
it's a privacy violation or not. One of the docs is athttp://csrc.nist.gov/publications/nistbul/csl93-03.txt
The concern here is to monitor the employee activities w.r.t data
theft by the means of pen drives, CD / DVD RW, file uploads etc
largely by the laptop users. we have to enable these as many of them
are sales guys or users who are frequently traveling so this is just a
detective / corrective measure. The data that is carried is of
sensitive nature.
Though the s/w will be functioning in the stealth mode, the employees
will be getting a warning message that all the actions on these
business systems are monitored (as suggested by the most of the docs
available) and the access to the data collected by the monitoring
tools will be restricted to few users( a group of security admins)
only.
Regads,
On Mar 26, 9:01 pm, rober...@xxxxxxxxxxxx (Walter Roberson) wrote:
In article <1174894182.494886.105...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Hesh <maheshpandi...@xxxxxxxxx> wrote:
I'm currently evaluating the employee monitoring software and have
evaluated Spectorsoft and CWAT. I am looking for a software which can
monitor the employee PC activities(programs used, internet surfing,
document printing,screen snapshots etc..), also the data transferred
thru USB drives, CD / DVD RW, files uploaded to the websites with a
copy of the data transferred.
Please let me know if anybody has used / worked on any of such
products.
In the particular environment I work in, -some- of what you
describe would be deemed an illegal invasion of privacy. The
person doing the monitoring would also be exposed to confidential
email or documents that they did not have a "need to know", possibly
violating laws and probably violating confidentiality contracts.
For example, suppose an employee were (say) preparing a sexual
harassment complaint to be sent to Human Resources: such things
are seldom within the authority of the security manager to view.
Monitoring to the extent you describe could only be justified here
for environments in which employees would not be given unrestricted
internet surfing access, such as for defence department secret work;
what what be called here, "Protected/C" "disclosure of the information
could materially damage the security of the country".
I notice that you do not appear to be on the same continent I am,
so I have no idea what your local laws are; still I suggest that
you pass your plans by your corporate lawyer.- Hide quoted text -
- Show quoted text -
Oh, and you will also want to think about full disk encryption if the
data's that sensitive. Apocryphal stats suggest that some 40% of
laptops are stolen at some point in their life. I like Pointsec for
this, but it's commercial and expensive.
Ric
.
- References:
- Employee Monitoring S/W
- From: Hesh
- Re: Employee Monitoring S/W
- From: Walter Roberson
- Re: Employee Monitoring S/W
- From: Hesh
- Employee Monitoring S/W
- Prev by Date: Re: Employee Monitoring S/W
- Next by Date: Web Fraud Victims are stupid and greedy: a policeman writes
- Previous by thread: Re: Employee Monitoring S/W
- Next by thread: Security level of wireless network
- Index(es):
Relevant Pages
|
|
