An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This part is on an aspect that overarches all previous ones: monitoring. It touches on both perspectives of staff involvement:
- staff works with the data, processes it, etc. and thus is the agent of the company
- the company, to show accountability, should set up a balanced way of controlling the staff, which per se involves processing personal data of the staff members
The slides come with notes that in short explain the visuals on the slides.
3. 3
- Internal - Page
Behind the Curtains
Monitoring is almost entirely behind the curtains.
But there is also the soft “social control” of the colleagues and line management.
6. 6
Key Takeaways
Monitoring is a part of a proper organization of (the layers of) security.
ABC Group balances the need for monitoring with respect for your privacy.
You can find more information on the SharePoint web portal.
30 sec IS/DPP survival kit
WrapUp
Editor's Notes
Welcome to the eighth part of the baseline training IS/DPP.
Herein we highlight the principles of monitoring.
Monitoring the layers of security, including the human factor, is a common thread throughout it all.
Sometimes it is an explicit legal obligation. For example, it is mandatory for access to the national register.
Most of the time it is an implicit legal obligation, as the closing piece of a proper organisation and of the layers of security.
Monitoring is almost entirely behind the curtains, with applications that mainly flag strange behavior like a lot of requests on the network.
But there is also the soft “social control” of the colleagues and line management.
Monitoring is not some people in HR or IT constantly looking at every detail you do.
On the contrary.
To respect your privacy as a staff member, ABC Group applies the so-called theory of the landing airplane.
That means that in general the information gathered for reporting is aggregated at a high level and does not allow identification of individuals.
If anomalies are detected in that data, the team can dig down to a lower level to try to determine where the issue is.
If the issue can be resolved without digging deeper, that is where it ends.
The theory exceptionally allows for immediate identification, mainly when there is an imminent threat
- to ABC Group’s interests or systems, or
- to other individuals.
We will not go into depth here, but refer to the intranet page on IS/DPP, where we provide all information.
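The "landing airplane" descent described above can be sketched in code. This is an added example, not ABC Group's own tooling: the sample data, the three levels (department, team, user), the pseudonyms and the "3 x median" threshold are all assumptions made for illustration.

```python
from collections import Counter
from statistics import median

# Constructed sample: department -> team -> {pseudonym: network requests per day}
SAMPLE = {
    "finance": {"payroll": {"u01": 40, "u02": 50}, "audit": {"u03": 45, "u04": 55}},
    "hr": {"recruit": {"u05": 50, "u06": 40}, "benefits": {"u07": 60, "u08": 50}},
    "it": {"helpdesk": {"u09": 55, "u10": 45}, "network": {"u11": 50, "u12": 60}},
    "sales": {"crm": {"u13": 900, "u14": 50}, "field": {"u15": 40, "u16": 50}},
}
EVENTS = [(d, t, u, n) for d, teams in SAMPLE.items()
          for t, users in teams.items() for u, n in users.items()]
LEVELS = ("department", "team", "user")  # coarse to fine

def aggregate(events, level):
    """Sum request counts per key at the given level (0=department ... 2=user)."""
    totals = Counter()
    for ev in events:
        totals[ev[:level + 1]] += ev[3]
    return totals

def flagged_at(events, level, within=None, factor=3.0):
    """Keys above factor x the median at this level (assumed threshold),
    limited to children of already-flagged parents when `within` is given."""
    totals = aggregate(events, level)
    limit = factor * median(totals.values())
    return sorted(k for k, v in totals.items()
                  if v > limit and (within is None or k[:level] in within))

def descend(events, resolved_at=None, imminent_threat=False):
    """Return the (level, flagged keys) views an analyst actually opened.
    The descent stops when nothing is flagged or the issue is resolved;
    an imminent threat skips straight to the identifying level."""
    viewed, within = [], None
    start = len(LEVELS) - 1 if imminent_threat else 0
    for level in range(start, len(LEVELS)):
        flagged = flagged_at(events, level, within)
        viewed.append((LEVELS[level], flagged))
        if not flagged or LEVELS[level] == resolved_at:
            break
        within = flagged
    return viewed

if __name__ == "__main__":
    for name, keys in descend(EVENTS, resolved_at="team"):
        print(name, keys)
```

With `resolved_at="team"` the descent ends at the team view and no individual pseudonym is ever opened, which is the privacy property the model is meant to give.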