Analysis of Ethical and Legal Considerations in Security Monitoring

Verified

Added on 2023/03/30

AI Summary

This report analyzes the ethical and legal considerations related to security monitoring and provides insights on forming an incident response plan. It discusses the impact of tracking internet usage on employee privacy and the need for organizations to inform employees about privacy policies. The report also explores the role of audits and logging management in detecting security incidents and regulating security policies. Additionally, it highlights the importance of forming an incident response plan to recover from malware attacks and outlines the requirements for handling such incidents.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION ASSURANCE
INFORMATION ASSURANCE
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1INFORMATION ASSURANCE
Table of Contents
1. Introduction............................................................................................................................3
2. Discussion..............................................................................................................................4
2.1. Analysis of ethical and legal considerations related to security monitoring...................4
2.2. Analysis of audits and logging management process.....................................................4
2.3. Forming an incident response plan.................................................................................4
2.4. Analysis of requirements in the events of accidents.......................................................5
3. Conclusion..............................................................................................................................6
4. References..............................................................................................................................7

2INFORMATION ASSURANCE
1. Introduction
The employees of an organization needs access to internet for personal business
purpose. Sometimes an employee can access malicious websites by mistake and thus the
information about system can leak out through this process. Various organization tracks the
internet usage of their employees to control this kind of situation. This report will analyze
ethical and legal considerations related to security monitoring along with forming a response
plan for the situation.

3INFORMATION ASSURANCE
2. Discussion
2.1. Analysis of ethical and legal considerations related to security monitoring
The employees of an organization have access to the internet system of the
organization. The system of the organization can be affected by malware if any employee
access malicious websites from the system. Some organizations tracks the internet usage of
their employee for this purpose. This method can be said to be unethical as the privacy of an
employee is hampered by this organizational policy. It is illegal according to some standards
as the privacy of an individual is hampered by the application of this policy (Chen et al.
2015). The organizations should inform their employees about the privacy policies of the
organizations for avoiding unethical and illegal monitoring of data.
2.2. Analysis of audits and logging management process
Audits helps to detect the penetration in the computer system of any organization and
the identification of misuse of the system is also detected by this process. Logging is the
process by which the data about this kind of accident is tracked (Jans, Alles and Vasarhelyi
2014). These two process investigate the security incidents which are probable. The
investigators take help from the data tracked by this two process. It also helps to regulate the
security policy of the organization. Audits can track the handling of sensitive information
inside an organization. If any employee is related to illegal handling of sensitive data then
that particular employee can be easily tracked using this methods.
2.3. Forming an incident response plan
An incident response plan is the process to recover from an attack of malware in the
computer system of an organization. A taskforce consisting of IT technician should be
created as a response to the attack for preventing further effect of attack. The cause of the
attack should be analyzed by the technicians and they should identify the cause of attack

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4INFORMATION ASSURANCE
(Luttgens, Pepe and Mandia 2014). The access of the network should be disabled for every
employee and new type of security software should be installed in the system by the
technicians. Identification of the cause would help to reduce the chances of future attack on
the computer system.
2.4. Analysis of requirements in the events of accidents
There are some requirements which should be followed during the accident. These
requirements are analysis of the cause of the attack, communication between the technicians
and the higher authority of the organization, operational tools and software for potential
searching of the cause of accident and taking legal steps against the employees involved with
the case (Angelini, Prigent and Santucci 2015).

5INFORMATION ASSURANCE
3. Conclusion
The conclusion which can be drawn from the above report states that the computer
system of an organization can be affected by the malware attacks. The employees have access
to internet inside an organization and malware can enter through the internet system of the
organization. Some organizations tracks the internet usage of their employee for this purpose.
If the organization tracks the internet usage of their employees without prior knowledge of
the employee then it can be a highly unethical and illegal issue.

6INFORMATION ASSURANCE
4. References
Angelini, M., Prigent, N. and Santucci, G., 2015, October. Percival: proactive and reactive
attack and response assessment for cyber incidents using visual analytics. In 2015 IEEE
Symposium on Visualization for Cyber Security (VizSec)(pp. 1-8). IEEE.
Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive
information security programs on information security culture. Journal of Computer
Information Systems, 55(3), pp.11-19.
Jans, M., Alles, M.G. and Vasarhelyi, M.A., 2014. A field study on the use of process mining
of event logs as an analytical procedure in auditing. The Accounting Review, 89(5), pp.1751-
1773.
Luttgens, J.T., Pepe, M. and Mandia, K., 2014. Incident response & computer forensics.
McGraw-Hill Education Group.

1 out of 7

+13062052269

info@desklib.com

Analysis of Ethical and Legal Considerations in Security Monitoring

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Threats, Attacks and Malware in IT Security - Desklib

Analysis of Information Security Issues - OPM Data Breach

Information Security For Businesses

Signs of a Network Data Breach & How to Prevent One

Digital Forensics and Incident Response

Xemba Translations Risk Assessment & Project Performance