On Tue, 23 May 2000, John, Lester wrote:
> What group in most of your companies handles this function of audit and
> reporting of inappropriate Email and Internet access?
ObSmartAssAnswer: Not the one that mandates 20-line disclaimers in 2-line
e-mails to mailing lists...
In my experience, it's generally a duty of the group which administers the
firewalls (either an INFOSEC group, the 'old Datacomm group', or the
technical admin group with the most clue in most of my experience-
sometimes it's the operational person in charge of peering at logs when
it's a "forced" deployment from on-high rather than a local issue)
Many companys only resort to looking at logs for content issues when there
is a complaint or obvious abuse. Some regularly search for keywords (but
outside of the securities industry it's fairly rare.)
IMO, it's probably considerably better to do it programatically if you're
mandated to do it, that way there's no chance of selective enforcement and
unfair or inconsistant practices. In those instances, it's best that
someone in a management, audit or security role review the material and
determine if the employee's direct supervisor (or HR) should counsel them,
dismiss them, or ask for behavioural clarification (though I've always
thought it'd be good work for an HR person to do.)
If you're going to do it, I'd also advise getting *signed* usage policies
from anyone (including contractors, vendors, salesmen, etc.) who may use
e-mail or the Web to cover you from ECPA charges. I'm not sure what to
advise on the use of SSL to open relay servers and mail encryption- but
make sure your policy covers both cases, because if not you'll possibly
fall south of the "expectation of privacy" clause of ECPA, especially if
someone external to the organization e-mails someone at work and it's
encrypted.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
