Question

"IT Security Policy Enforcement and Monitoring" Please respond to the following:

Describe how monitoring worker activities can increase the security within organizations.  Describe the rationale that managers should use to determine the degree of monitoring that the organization should conduct.
Explain the extent to which you believe an organization has the right to monitor user actions and traffic. Determine the actions organizations can take to mitigate the potential issues associated with monitoring user actions and traffic.

Answer 1

There are many ways to eliminate the the threats and improving the security within a organisation one such method is use of surveillance and tracking methods,there are lots of valid reasons in favour of monitoring workers,it can help to reaffirm compliance with regulations, videos monitioring or other surveillance helps as a evidence in case of lawsuit and helps to build corporate culture,the main goal behind monitoring workers are to prevent internal work thefts,to make sure that companys resources is being used properly,in case of attendance helps you to check on their overtime and holidays record,it makes worspace safer as the email tracking helps in resolving any kind of harassment claims,not only that it helps in managing workers security if the employess do not respond or are found missing gps look up can be very useful
When it comes to workers monitoring there are various factors you should consider off as there are not many laws regarding that company can monitor the workers but if someone has given a valid legal consent that he can be monitored its legal
There has to be set written policies that workers have to follow:
*Rules:The foundation of any good organisation checks and balances ,a high level manager should be appointed to supervise the monitoring and make sure no personal data is being collected or wrongfully being used they have to set rules for acceptable use of phone,calls messaging,emails and content download from internet there has to be a code of conduct on how monitoring will be done and how the data will be collected

*Transparency :you have to gain there trust and explain the risks for the company from improper use of resources provided to workers

*Proper tools for monitoring or surveillance
like filtering and block the some websites which are not required in a workspace,all the computers and phones provided by company will be monitored but the pc and phones brought by workers has to be monitored with workers consent and some keyword triggers should be used to ignore the data,conference video records are stored to analyse and improving their workers which is good and tracking phone calls is usually used in call services company to ensure customer satisfaction,employer should have moral code to hang up or not record any personal calls and proper equipments should be used to track the employees and main thing they should only be tracked when they are in a office work.

there are no official legal rules regarding the ways in which the employer should monitor so the ethics should be maintained and the consent from the workers should be taken to proceed on surveillance
The actions organizations can take to mitigate the potential issues associated with monitoring user actions and traffic are :

*Formalized and good engineered monitoring program should be established

*Consistently enforce policies and control

*Take a proper consent from the workers and explain about how they will be monitored.

*They have to protect their important assets

there are many examples where the monitoring the workers have saved the company from huge losses and the workers from being harrased;

many insider trading was stopped

Celeste O'Keefe The chief executive of DANCEL Multimedia has fired nearly 5-8 employees for wrongful use of company resources and leaking company data.

Dow Chemical Company fired 50 workers for sending and storingporn or violent emails.

The New York Times fired 20 employees for sending offensive email.

IBM employees spend average of 250hrs in surfing the stuff which were not required.