Controversial (maybe) question

[Dan Baxter <danthemanbaxter () gmail com>]

Okay, yesterday at work, I was asked if I could deploy some spyware to a PC
to determine what a particular user is doing.  The requestor was one of our
corporate attorneys, no less.

The concern is that this individual is possibly accessing sensitive
documents and getting them to a competitor.  I'm not at this location, so I
don't know the person, or the exact circumstances or requirements, yet.  I
have been told he's the "unofficial IT guy" for this location, so he may be
wary.

At present, we don't block access to USB drives.  We do block access to
cloud based storage (Dropbox, Copy, Skydrive, etc).

Ironically, this is the same atty that helped shoot down a DLP project I
was working on earlier this year.  I took gratification in pissing her off
by reminding her that this would be a perfect example of why we need one.

Anyway, assuming I get signoff from HR and our Ethics department (still
questionable), are there any suggestions of what I could deploy?  Also, I
realize some testing is going to need to be done to make sure it doesn't
set off alarms on his A/V.  Any other pitfalls I need to be aware of?

Thanks in advance.


Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?

"A sword never kills anybody; it is a tool in the killers hands."-Lucius
Annaeus Seneca, c.4BC-65AD

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com