The Dark Side of DLP and Employee Monitoring
My sense as an auditor is that most CIO’s are ethical and conscientious of the responsibility they have over the IT infrastructure, and that includes the opportunity to monitor anyone in the company undetected (especially when there is little or no Segregation of Duties over the IT Security infrastructure). However, I heard once that one or two CIO’s in the USA can not be trusted because they suffer from a psychological need to spy on who ever they dislike, but no one knows who these CIO’s are.
It is the responsibility of every organization to protect itself from thieves, fraudulent activities and those who plot against it in the market place. In order to effectively do that it must implement security processes and it must invest in security infrastructure. One of the processes required for effective security is the monitoring of its valuable assets and personnel which may be deemed at high risk resulting from some form of risk assessment. However, as always, the effectiveness and value of the monitoring process depends on how it is done, who does it and how it is perceived. If discovered, heavy handed employee monitoring can sour good employees and creates a culture of distrust. For companies that want the trust and good will of their employees, this would be a serious problem.
The excerpt below is from an article published in CIO.com dealing with this problem:
“Technology allows for flexibility in how, when, and where people work. However, instead of building a foundation of trust, employers are resorting to heavy-handed monitoring of employees’ actions.”
To read the rest of this article from CIO.com click the link below:
Shared via AddThis
The guy above with the binoculars looks very familiar to me. I think his name is Igor and he is the Manager of security somewhere. Stay away from him, he has no conscience, and spies on his mother just for fun.
Related articles by Zemanta
- Gartner: loosen up on social networks, security (news.cnet.com)