10-03-2007, 02:04 AM
|
| Junior Member | | Join Date: Sep 2009
Posts: 0
| |
 Re: Employee Monitoring S/W
On Mar 27, 7:17 am, "Hesh" wrote:
> I understand this has always been a topic of debate. However, there
> are no documents that I have come across which clearly states whether
> it's a privacy violation or not. One of the docs is athttp://csrc.nist.gov/publications/nistbul/csl93-03.txt
>
> The concern here is to monitor the employee activities w.r.t data
> theft by the means of pen drives, CD / DVD RW, file uploads etc
> largely by the laptop users. we have to enable these as many of them
> are sales guys or users who are frequently traveling so this is just a
> detective / corrective measure. The data that is carried is of
> sensitive nature.
>
> Though the s/w will be functioning in the stealth mode, the employees
> will be getting a warning message that all the actions on these
> business systems are monitored (as suggested by the most of the docs
> available) and the access to the data collected by the monitoring
> tools will be restricted to few users( a group of security admins)
> only.
>
> Regads,
>
> On Mar 26, 9:01 pm, rober...@hushmail.com (Walter Roberson) wrote:
>
>
>
> > In article <1174894182.494886.105...@p77g2000hsh.googlegroups. com>,
>
> > Hesh wrote:
> > >I'm currently evaluating the employee monitoring software and have
> > >evaluated Spectorsoft and CWAT. I am looking for a software which can
> > >monitor the employee PC activities(programs used, internet surfing,
> > >document printing,screen snapshots etc..), also the data transferred
> > >thru USB drives, CD / DVD RW, files uploaded to the websites with a
> > >copy of the data transferred.
> > >Please let me know if anybody has used / worked on any of such
> > >products.
>
> > In the particular environment I work in, -some- of what you
> > describe would be deemed an illegal invasion of privacy. The
> > person doing the monitoring would also be exposed to confidential
> > email or documents that they did not have a "need to know", possibly
> > violating laws and probably violating confidentiality contracts.
> > For example, suppose an employee were (say) preparing a sexual
> > harassment complaint to be sent to Human Resources: such things
> > are seldom within the authority of the security manager to view.
>
> > Monitoring to the extent you describe could only be justified here
> > for environments in which employees would not be given unrestricted
> > internet surfing access, such as for defence department secret work;
> > what what be called here, "Protected/C" "disclosure of the information
> > could materially damage the security of the country".
>
> > I notice that you do not appear to be on the same continent I am,
> > so I have no idea what your local laws are; still I suggest that
> > you pass your plans by your corporate lawyer.- Hide quoted text -
>
> - Show quoted text -
Oh, and you will also want to think about full disk encryption if the
data's that sensitive. Apocryphal stats suggest that some 40% of
laptops are stolen at some point in their life. I like Pointsec for
this, but it's commercial and expensive.
Ric
 |