
Security Basics mailing list archives

RE: e-mail policies
From: "Tim Heagarty" <tim () heagarty com>
Date: Tue, 25 Feb 2003 13:35:50 -0700

Isn't all discipline selective? Upper levels of management don't come under
the same scrutiny and rules that the lower levels are required to live
under. The VPs won't be fired for chatting with their kids at college using
IM though they would drop one of their underlings in a heartbeat for the
same thing.

I understand what you are saying but does your HR and Legal agree with the
"occasional use" stance? My client's HR and Legal folks understood that the
people were going to use the systems personally but they required the
"absolutely no personal use" clauses just so they did have a tool available
for selective use. Be sure that you somehow define "occasional use", as it
will be difficult to terminate for just cause if you have not. It is easy to
define "never" and show violation. The employee probably has other things
stacked against them at that point anyway but your AUP won't be one of the
supports for the company's case, which is just why they want an AUP in the
first place.

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690

-----Original Message-----
From: Moeckel, Sharon [mailto:smoeckel () co bucks pa us]
Sent: Tuesday, February 25, 2003 12:40 PM
To: Tim Heagarty; security-basics () securityfocus com
Subject: RE: e-mail policies


My company's current policy is the same.  I am writing one that would allow
occasional use.  Otherwise, they do not enforce it until they want to get
rid of someone - and IMHO that is selective discipline.

-----Original Message-----
From: Tim Heagarty [mailto:tim () heagarty com]
Sent: Monday, February 24, 2003 8:47 PM
To: security-basics () securityfocus com
Subject: RE: e-mail policies


The email policies that I have written don't have any leeway for personal
communications. Any and all messages contained within the system are the
property of the company and may be read by an administrator in the normal
course of their duties. Absolutely no email of a personal nature should ever
be transmitted using the corporate email system.

Now, we all know that personal email is going to be transmitted, and by some
employees that's all that will EVER get transmitted. But, the statement is
out there, the employee had to sign it and if they ignore it and put their
personal information through our system, and they will, then the decision is
theirs and not from the company.

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690

-----Original Message-----
From: pablo gietz [mailto:pablo.gietz () nuevobersa com ar]
Sent: Monday, February 24, 2003 12:03 PM
To: security-basics () securityfocus com
Subject: e-mail policies


Dear gurus

We are defining policies for the use of corporate e-mail, and I have doubts
about the privacy of messages sent by employees. Since the e-mail system is
intended for business use, we need to prevent sensitive information
disclosure. If we respect privacy, how can we discover employee
infidelity?
What is your opinion or the standard in these cases? What is the
companies' approach?

Thanks a lot.

--
Pablo A. C. Gietz
Head of Information Security
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351









