Security Basics mailing list archives

Re: in-to-out security

From: Kenton Smith <listsks () yahoo ca>
Date: Tue, 28 Mar 2006 17:59:59 -0500 (EST)


--- Joe George <j.george () conservation org> wrote:

<snip>

1.    Was I right to suggest this rather than help my
colleague look
for an app/training solution?

Yes, I would never agree to secure someone's network
without there being applicable policies in place
first. If there is no policy you have no starting
point from which to come up with a security plan.

2.    How would you convince an obviously passive CTO
to do the right
thing?

Check the law. I know you've asked this further on but
this may be the only way to get through to this guy.
The only other thing I can think of is that if they
expect their employees to trust and respect
management, then management has to do the same thing
in return. Tell them what you're doing up front. The
people who are really against it might quit, but the
ones left behind are probably the ones who are already
using the company's resource properly.

3.    If such an application/training exists, can you
suggest
something?

There are many companies that offer both software and
training programs in user awareness. I don't know any
off-hand but Google will find a bunch.

4.    Is it legal to implement user-monitoring without
informing the
staff?  This is where I think policy

This would be something that he'd have to investigate.
I am not a lawyer and the laws vary from
state-to-state. I'd be very surprised though if there
isn't a precident saying that you at least have to
tell people you're monitoring them.


Kenton


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

in-to-out security Joe George (Mar 28)
- Re: in-to-out security ilaiy (Mar 29)
- RE: in-to-out security David Gillett (Mar 29)
- Re: in-to-out security Kenton Smith (Mar 29)
- <Possible follow-ups>
- RE: in-to-out security Jordan.Dallas (Mar 29)
- RE: in-to-out security Beauford, Jason (Mar 29)
- RE: in-to-out security Joe George (Mar 29)