Security Basics mailing list archives
Re: Policy Violations
From: aaa.bbb () ccc com
Date: Tue, 5 May 2009 12:42:09 -0600
John, this is really the wrong place to be asking that question. It is really more a matter for HR. IT can identify the IT related impact of specific violations but HR and ultimately senior management is going to have to decide what level of sanction they want to apply. Somebody spending all day surfing non work related sites is penny ante compared to someone caught running his own personal business using corporate computers vs someone with lots of kiddie porn on his work computer. The level of sanction has to reflect the potential impact on the company. A surfer just wastes his time, the "moonlighter" is increasing load on corporate computer resources like servers and internet bandwidth and may expose the company to additional unexpected malware attacks. But the porn-kink can involve the company in external investigations both police and media and associated bad publicity. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Policy Violations John D (May 04)
- Message not available
- Re: Policy Violations John D (May 05)
- Message not available
- Re: Policy Violations Stephen Mullins (May 11)
- <Possible follow-ups>
- Re: Policy Violations aaa . bbb (May 05)
- Re: Policy Violations aaa . bbb (May 05)