On 3/20/07, Raymond Olavides <[EMAIL PROTECTED]> wrote:
Our job (as web developers, or sysads) is not to secure their PC, but to secure the data once it reaches our servers. That's why browsers have levels of security that users can customize. User awareness is better than overpowering user's security practices or controls.
In a corporate environment, sysads will have no choice but to implement stringent security measures. One thing you have to take note of is that implementing security measures is _not synonymous_ with invasion of privacy. Securing data as it comes and goes is just one facet of implementing security within the organization. It is still the obligation of the admin to employ security tools and policies (group pols, user pols) in order to meet stringent corporate security standards (HIPAA, Sarbanes-Oxley, ISO, etc.). In other words, sysads _must_ be the ones to secure the corporate workstation, since users have no idea what is going on and will only care about their day-to-day work flow.

Security, as the topic goes, is multifaceted. SysAds must secure the data, secure the equipment, and secure user activity. Though there really is a fine line between security and invasion of privacy. Securing user activity means you are only going to limit what the user can and cannot do while within the environment. Securing the equipment means securing how the machines are used, and what devices are allowed access to. And this must be implemented in the most transparent manner, making the user aware of the security policies and related activities that the SysAds will undertake.

Actually snooping on users regarding what sites they're using (through remote viewing _without visual indicators that he is being monitored_) might be tantamount to invasion of privacy. But producing a list of sites where he has been, through automated tracking, is not invasion of privacy.

The key to security is to implement the rules and the fence to prevent whatever untoward event may arise in the future and deter whatever issue currently exists. Of course, SysAds must know the boundaries that they can tread on in implementing security. Again, with regards to security and privacy, SysAds will be treading on a very thin line.

hat has no bite, barks loudest."
Registered Linux User #400165 http://baudizm.blogsome.com http://phossil.ifastnet.com Subscribed to: LARTC, Open-ITLUG, PRUG, KLUG, sybase.public.ase.linux
