Question-   CSG 3309 IT Security Management

Solution-

Executive summary

For this scenario, I support organizations shouldmonitor their employee’s email, web usage, and online activities if the security of an organization can be improved. In this, I started with an introduction then continued to reason then progressed to advantages and ends with a conclusion.

Introduction

Employee monitoring is generally surveying employee activities with the help of a software or using any other mediums. There is always a clash between monitoring vs privacy at the workplace. Some support it and some do not. But when considering organizations in this cyber/digital era it’s better to support it because without proper monitoring we cannot proceed further our business. What if an employee turns around his/her employer and decided to misuse his privileges then definitely it will cause a severe impact on the organization? And what if the same employee decided to leak your organization’s critical information resources? Or what if the threat comes within the organization which usually won’t be in risk analysis/mitigation strategies.

Reasons

There are several reasons why an organization should monitor its employee’s activities such as their emails, web usage. The primary reason is to protect the organization against legal problems. When we look at the current digital workplaces majority of the organizations equipped with the required resources to connect with the internet and their employees have access to them. So, in this case, if an employee uses the provided resources for illegal activities such as online bullying then the organization will get affect and face legal, and as well as reputation damages.

Insider threats

Insider threat is basically the threat that raises from within the organization. The successful insider threat attacks are due to non-adequate monitoring. According to Verizon’s 2019 Annual threat report (Verizon, 2019) , 34% of all the security breaches occurred in 2018 are due to insider threats and the percentage is 6% higher than 2017 and 9% higher than 2016.

According to Accenture & Ponemon’s research (Accenture/Ponemon Institute, 2019)  on the cost of cybercrime research 2019 reveals that the average cost of an insider threat is 1,621,075 USD in 2019 which is 15% higher than compared with 2018.

Example of insider threat

One of the examples for this insider threat is Anthem Medicare Insurance which took place in 2017. According to reports (espellman, 2017) , it’s been found that one of the employees emailed a file that consists the personal information of 18500 anthem members such as their Medicare ID numbers, including Social Security numbers, Health Plan ID numbers, names and dates of enrolment. This breach resulted in Anthem to pay 115 Million USD to settle the lawsuit. This entire thing happened due to an employee which teaches the importance of employee monitoring.

Another incident that happened in 2003 is Bae Systems vs CAAT. In which Bae system used a private detective to spy on CAAT and Where the key players got into CAAT by posing as employees and passed all the information to Bae systems  (High Court of Justice Queen's bench division, 2007).

Easy target

Presently when we look at most of the cybercrimes, they are not targeting an organization’s executive/board members rather they’re targeting low-level employees. Recently in the USA (Lindsey, 2020), it has been found that hackers are targeting the potential employees to spread malware on the organization’s system. Usually, most of the organizations send their employees to proper cybersecurity awareness training but still, employees fail in this at some point especially in business email compromise and/or phishing scams. Sometimes, the failures lead to ransomware attacks also.

In terms of productivity

Apart from the above-stated reasons productivity also involves the need for employee monitoring. A survey conducted in 2012 (Salary.com staff, 2012) particularly highlighted that 64% of employees use non-work related sites (especially Facebook, Twitter, etc..) on a regular basis. Every hour they spent on this directly impacts the financial, and resource consumptions (Budget on IT services like equipment, internet).

Advantages

  • As stated, before the primary advantage would be the organization would be safe. Apart from that we can spot the mistakes and can resolve the issues in an easy manner.
  • This also helps to identify the effective employee in the organization.
  • Also, this helps the organization to save a solid portion of the fund on their infrastructure resources.

Conclusion

Finally, to conclude this, for these reasons I support employee monitoring. Also, from an employee perspective, I must say that these are valid points. Apart from this, each county has its own laws that justify the monitoring. For example in Australia, Workplace Surveillance Act 2005 No 47 (Workplace Surveillance, 2017) justifies employee monitoring under the certain term and conditions which are fair.

Our happy customers

They are fast in responding to homework questions. they have the best technical writers. Thanks for helping me with my programming doubts.

studentDyana
5  stars image

I contact to disklib for homework, they help me out, despite there was some technical issue they gone through extra mile for me and provide me good quality work in first priority. 100% recommended.

studying on laptopAsif Waheed
5  stars image

Desklib's study resources are best & unique. Their study database is easy to access and easy to use.
100 % recommended.

library and studentsMike Taylor
5  stars image