Monitoring employees or actually snooping? Now includes narration by Mike Gillespie - Advent IM MD and Director of Cyber Security Strategy for The Security Institute.

Transcript

  • 1. Effective Employee Monitoring Mike Gillespie – MD Advent IM Ltd
  • 2. Coming up…
      • Thinking about monitoring employees?
      • Monitoring or Snooping?
      • Monitoring, The Data Protection Act (1998) and the ICO
      • Managing resulting data
      • CIA
    holistic security
  • 3. Thinking of monitoring employees? Data Protection
  • 4. Monitoring or Snooping?
      • Blanket employee coverage - not issue led
      • Covert – employees unaware
      • No policy or no education in place
      • Lack of DPA compliance
      • Clear, achievable and targeted objective
      • Employees aware, educated and accepting
      • Clear compliance with DPA for resultant data... we’ll come onto this later.
  • 5. Monitoring, DPA and the ICO
      • Why you are monitoring
      • What the process is
      • What you are monitoring – systems, applications, hardware etc.
      • When you will be monitoring
      • Who will be responsible for monitoring
      • Who will have access to the data generated by the monitoring
      • How that resulting data will be held, managed and eventually destroyed
    Without consistent and effective rules and policies, culture will take over until policy becomes whatever culture dictates.
  • 6. Managing resulting data creation IT Dept
  • 7. Managing resulting data creation IT Dept
  • 8. CIA (not what you think...) integrity Availability confidentiality
  • 9. CIA (not what you think...) confidentiality
    Assurance that information is shared only among authorised persons or organisations. Breaches of confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned. Such disclosure can take place by word of mouth, by printing, copying, e-mailing or creating documents and other data etc. The classification of the information should determine its confidentiality and hence the appropriate safeguards.
  • 10. CIA (not what you think...) integrity
    Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. The term integrity is used frequently when considering Information Security as it represents one of the primary indicators of security (or lack of it). The integrity of data is not only whether the data is 'correct', but whether it can be trusted and relied upon. For example, making copies (say by e-mailing a file) of a sensitive document threatens both the confidentiality and the integrity of the information. Why? Because, by making one or more copies, the data is then at risk of change or modification.
  • 11. CIA (not what you think...) availability
    Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.
  • 12. HR Dept Managing resulting data creation
  • 13. HR Dept Managing resulting data creation
  • 14. Information Commissioner’s Office Guidance
    Section 5 of the ‘Quick guide to the employment practices code’ covers employee monitoring and can be accessed from the ‘For Organisations’ section of the ICO website www.ico.gov.uk
  • 15. Summary
      • Use the ICO Guidance
      • Have firm, clear objectives and targets
      • Be open and consistent
      • Ensure resultant data is managed in line with the Data Protection Act (1998)
  • 16. Find us on..... www.advent-im.co.uk www.adventim.wordpress.com @Advent_IM <insert LI link here>