Home page logo
/

basics logo Security Basics mailing list archives

RE: e-mail policies
From: "Michael Whang" <michael.whang () computer org>
Date: Tue, 25 Feb 2003 13:19:39 -0700

One of the most important aspects, at least legally, is to write an
acceptable use policy for corporate email and resources.  Just because
the resources belong to a company, one cannot automatically assume that
everything an employee does is privy to the company managers and
administrators.  There's still some semblance of privacy rights in many
countries.  

You, as the IT administrator or manager, need to clearly write down what
an employee can and cannot do.  Also, another important aspect is to
declare what penalties exist if an infraction occurs.  As an example:
"We, as the company, own the resources and expect each and every
employee to follow company policies and procedures regarding acceptable
use of said resources...and we will from time to time audit usage of
company resources to include email correspondence."

Most importantly, when writing an acceptable use policy, consult with
your corporate attorney to hammer out the legalese.   

-----Original Message-----
From: chris [mailto:chris () byteme no] 
Sent: February 25, 2003 02:16
To: security-basics () securityfocus com
Subject: RE: e-mail policies

Dear gurus

We are defining policies for the use of corporate e-mail, I have
doubts
about privacy of messages sent by employees. Since the e-mail system
is
intended for business use, we need to prevent sensitive information
disclosure. If we respect the privacy , how can discover infidelity
employee?
 What is your opinion or the standard in this cases? What is the
companies approach?

Thanks a lot.

--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

Hi

Although I'm not a guru, I'll give you my opinion (probably not the
standard
;).

Define strict policies.  Make it clear that the corporate e-mail is not
for
personal use.  Why?  Because studies on the use of corporate e-mail show
that the productivity, in many cases, is decreased.  Sending personal
e-mail
to colleagues or people outside the corporation generates expectations
on
reply, and results in the habit of checking for new mail very often, and
therefore interrupts work.
There you go - no need for privacy anymore.  Now you can install e-mail
filters, e.g. based on words that's not acceptable in corporate
messages,
and bust infidel employees.


- chris



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault