Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Boot floppy

From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Sat, 14 Apr 2007 22:30:09 -0700
It seems to me from the OP's follow up post that the primary problem is that they are looking at a highly political situation in a very small company. Small in like 10 staff total kind of small. Companies like that simply don't have HR departments and typically have no policies in place that give an admin any rights. 

dont see why this has gotten to such a big thread...

Employee = Company Asset
Laptop     = Company Asset
------------------------------
no violation or reasonable expectation of privacy
regarding said Company Asset laptop.

It is a company asset, period.
( just like the packets originating from Company network assets )

solution:
1. Call local FBI, aprise of situation.
2. take the laptop away.
3. suspend employee pending forensics.
( same as if if an Employee is suspected of using / doing illegal activity from the company car. While the Employee can take it home and use it for personal use, it is a Company asset and therfore enjoys no reasonable expectation from the protection of privacy. ) 


M.W





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: