

ess to many parts of computer systems and the network, this does not mean it is ethical and right to overstep the bounds that could threaten a user’s privacy. Only the tasks necessary to enforce the security policy should take place, and nothing further that could compromise another’s privacy.

Many lawsuits have arisen where an employee was fired for doing something wrong (downloading pornographic material, using the company’s e-mail system to send out confidential information to competitors, and so on), and the employee sues the company for improper termination. If the company has not stated that these types of activities were prohibited in its policy and made reasonable effort to inform the employee (through security awareness, computer banners, the employee handbook) of what is considered acceptable and not acceptable, and the resulting repercussions for noncompliance, then the employee could win the suit and receive a large chunk of money from the company. So policies, standards, and security-awareness activities need to spell out these issues; otherwise, the employee’s lawyer will claim the employee had an assumed right to privacy.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

Personal Privacy Protection

End users are also responsible for their own privacy, especially as it relates to protecting the data that is on their own systems. End users should be encouraged to use common sense and best practices. This includes the use of encryption to protect sensitive personal information, as well as firewalls, antivirus software, and patches to protect computers from becoming infected with malware. Documents containing personal information, such as credit card statements, should also be shredded. Also, it’s important for end users to understand that when data is given to a third party, it is no longer under their control.
Liability and Its Ramifications

As legislatures, courts, an...