j.whitaker on 26 October 2006 at 12:11 said:-
> This ties in with the widely held view that most damage/danger comes
> from within an organisation.
Yes, that is a recognised security weakness existing where trustworthiness
is lacking.
It is not valid as a blanket statement across all employees and all
organisations though.
Tinsley, Chris on 26 October 2006 at 12:17 said:-
> Some monitoring of emails has to take place to protect the
> organisation, but I doubt whether any Local authority
> routinely spies on its staff.
> Is this a problem more prevalent in private industry?
>
I was relating to experiences within the public sector.
For example:-
• After a weakening of internal I.T. security mechanisms to facilitate
justification of a dedicated security post and allow some internal
monitoring, actions were taken by an individual to gain access to a
particularly sensitive file about some potentially vulnerable employees
which had additional password protection. Luckily for the people involved
all existing data had been deleted some time before any security/monitoring
changes took place.
• An exercise conducted to provide working examples of internal systems
insecurity and intended to identify the need for a full security review and
possible implementation of commercial security packages resulted in open
internal actions which would ensure security risks were unlikely to be
reported and the weaknesses remained out of sight, out of mind.
So whilst I do agree that great dangers for organisations can arise
internally, I do not necessarily agree that monitoring is an effective
mechanism for resolving them or truly increasing organisational security in
any way.
Ian W
> -----Original Message-----
> From: Tinsley, Chris [mailto:[log in to unmask]]
> Sent: 26 October 2006 12:17
> To: Ian Welton; [log in to unmask]
> Subject: RE: [data-protection] Email quarantine systems
>
>
> Like most Local Authorities we "monitor" emails at the
> firewall to filter out viruses, spam and other unwanted
> content. The problem is always defining unwanted content and
> getting the balance right between privacy for the individual
> and protecting them from offensive or just plain irritating
> email content. All of this "monitoring" is done
> automatically, human intervention happens to check that the
> right emails have been blocked and to release any emails
> which have been blocked for the wrong reasons
>
> I think we can justify all of the decisions we make even if I
> personally do not agree with them (see my views on a previous
> thread Monitoring for swear words) and of course we fiddle
> with the blocking mechanisms to make them perform better.
>
> Some monitoring of emails has to take place to protect the
> organisation, but I doubt whether any Local authority
> routinely spies on its staff.
> Is this a problem more prevalent in private industry?
>
> Chris Tinsley MSc
> Wiltshire County Council
>
> Information is the key
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 26 October 2006 12:04
> To: [log in to unmask]
> Subject: Re: [data-protection] Email quarantine systems
>
> An item I noticed published on the internet by a firewall
> expert may be of interest to this thread. It certainly
> matched my experiences.
>
> "When I started working on firewalls I was surprised to learn
> the company I worked for were more interested in "spying" on
> their employees than keeping crackers out of their networks."
>
> Crackers and organisational politics, with access to personal
> data becoming no more than a power play and privacy merely
> reduced to a respectful deniability whatever next.
>
>
> Ian W
>
>
> Date: Wed, 25 Oct 2006 22:13:22 +0100
> From: Charles Christacopoulos <[log in to unmask]>
> Subject: Re: Email quarantine systems
>
> Tim Trent wrote:
> > No. I have not consented by sending the email, not in the least
> > degree. I send the email to a person in an organisation. There are
> > no rules stated before the processing by the system happens.
> > Technically there can be no notices unless the system rejects each and
> > every "first inbound email" and states that any email is subject to
> > this type of system
> >
> >
>
> Hi Tim,
>
> For your points to be taken seriously you should stop
> top-posting (the same applies to others). Surely - Shirley
> even if you like airplane (the film that is) - your comment
> is not more important than the one you responded to, however
> much you may think so.
>
> If you can rant so can I. Free country 'n all that.
>
> My most significant contribution to your issue is ...
>
> Geez. The end is near.
> Aye ...
>
> :-)
> Charles
>
>
> --
> Charles Christacopoulos, Management Information Officer,
> Strategic Information Management, Tower Building, University
> of Dundee, Dundee, DD1 4HN, Scotland, United Kingdom.
> Tel: 44(0)1382-344891. Fax: 44(0)1382-348845.
> http://www.somis.dundee.ac.uk/
> :: egothor http://www.egothor.org/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^