Unformatted text preview: ess to many parts of computer systems and the network, this does
not mean it is ethical and right to overstep the bounds that could threaten a user’s privacy. Only the tasks necessary to enforce the security policy should take place, and
nothing further that could compromise another’s privacy.
Many lawsuits have arisen where an employee was fired for doing something wrong
(downloading pornographic material, using the company’s e-mail system to send out
confidential information to competitors, and so on), and the employee sues the company for improper termination. If the company has not stated that these types of activities were prohibited in its policy and made reasonable effort to inform the
employee (through security awareness, computer banners, the employee handbook) of
what is considered acceptable and not acceptable, and the resulting repercussions for
noncompliance, then the employee could win the suit and receive a large chunk of
money from the company. So policies, standards, and security-awareness activities need
to spell out these issues; otherwise, the employee’s lawyer will claim the employee had
an assumed right to privacy. ch10.indd 873 12/4/2009 11:39:09 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 CISSP All-in-One Exam Guide 874
Personal Privacy Protection
End users are also responsible for their own privacy, especially as it relates to protecting the data that is on their own systems. End users should be encouraged to
use common sense and best practices. This includes the use of encryption to protect sensitive personal information, as well as firewalls, antivirus software, and
patches to protect computers from becoming infected with malware. Documents
containing personal information, such as credit card statements, should also be
shredded. Also, it’s important for end users to understand that when data is given
to a third party, it is no longer under their control. Liability and Its Ramifications
As legislatures, courts, an...
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12