Welcome to this, the sixth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to the ISO 17799 information security standard.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
EMPLOYEE INTERNET ABUSE
Although employers are placing increased emphasis on setting up policies covering internet and email abuse, the message is not always getting across to employees. According to Eric Jacksch, who is president of a leading Canadian IT security firm, employees are continuing to put their employers at risk and are also wasting significant levels of corporate resources. These abuses include inappropriate email use, loss of productivity through slow web access, and downloading of music, games and pornography.
It is suggested that the first steps to address this are as follows:
- First, ensure that your organization has a clear policy on the acceptable use of the organization's information resources.
- Secondly, ensure that this (and other information security policies) is delivered effectively to the employee either through the PC or workstation/desktop, or through the organization's intranet. Also, ensure that the employee is made fully aware of the consequences of non-compliance.
- Thirdly, ensure that the employee is made aware of the organization's right to monitor all email and internet traffic in and out of the organization.
These steps alone should reduce the scale of the problem, but equally importantly, they lay a solid foundation should further action be required. For more policies see the address above.