"Big Brother Does
Not Keep
Your Assets Safe"
 |
ISSE 2004 Essay on Employee Privacy and IT Security Pages 75-85
ISBN
3-528-05910-9 |
|
There seem
to be many reasons today to increase employee and user monitoring as a
measure
of security. The well-known insider threat is the first one: Statistics
tell
that security breaches caused by employees or internal users of
information
systems outrun the attacks of external hackers in number and severity.
In
connection to this aspect another motivation to implement workplace
surveillance
is the fact that in many countries a CEO or a board member of a company
can be
held responsible for the use employees make of the communication
systems provided
by their employers. Nowadays a
third reason has become even more important than the two already
mentioned. Organisations
struggling with the increasing pressure by law and by financial
regulations to
implement risk management realise that the behaviour of employees is a
source
of “uncertainty and unpredictability in any organisation’s
environment”. The best measure to minimise this risk seems to
watch
every
person working in an organisation as closely as possible to predict
what he or
she is up to. Companies try to make starting lawsuits against insiders
as easy
as possible. As a result of these considerations preventative security
measures
like access control are often devaluated. Employee monitoring is
presented as
the key to secure IT environments and communication systems. Unfortunately,
technicians and managers tend to overlook the drawbacks and unwanted
side
effects of surveillance. This article will focus on these aspects. It
aims to show
that monitoring can undermine the power of an organisation and its
chance to be
a learning organisation, because the unpredictable elements of the
employees'
behaviour are not only a source of uncertainty, but also a source of
creativity
desperately searched for in a period of weak economy. Furthermore,
surveillance
itself poses new security threats to those who use it thoughtlessly. |
Back
to "University, jobs, publications"
Zurück
zu "IT-Fachbücher"
Impressum