Security Basics mailing list archives

Re: Policy Violations


From: aaa.bbb () ccc com
Date: Tue, 5 May 2009 12:42:09 -0600

John, this is really the wrong place to be asking that question.  It is really more a matter for HR.  IT can identify 
the IT-related impact of specific violations, but HR and ultimately senior management are going to have to decide what 
level of sanction they want to apply.  

Somebody spending all day surfing non-work-related sites is penny ante compared to someone caught running his own 
personal business using corporate computers vs someone with lots of kiddie porn on his work computer.  The level of 
sanction has to reflect the potential impact on the company.  A surfer just wastes his time, the "moonlighter" is 
increasing load on corporate computer resources like servers and internet bandwidth and may expose the company to 
additional unexpected malware attacks.  But the porn-kink can involve the company in external investigations both 
police and media and associated bad publicity.
