Matakuliah
Tahun
Versi
:A0334/Pengendalian Lingkungan Online
: 2005
: 1/1
Pertemuan 3
Information at Risk
1
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa
akan mampu :
• Mahasiswa dapat menyatakan Resiko
Informasi
2
Outline Materi
• Cyberliabilities in The Workplace
– Controlling Employee Use of Electronic
Communications
– Avoiding Monitoring Problems
• Data Complacency
3
Cyberliabilities in The Workplace
• The rise in electronic methods of
communications such as email and the
Internet have provided employees with a
greater degree of flexibility and freedom.
4
• Employers have good reason to be
concerned about email or Internet usage.
Time spent on non-business-related
emails or surfing the Internet may reduce
profitability by reducing time spent on
legitimate business.
5
• Employers will also be concerned to
prevent the infection of their networks by
viruses, which may enter the system via
attachments to emails sent from outside.
‘Spam’ (unsolicited or junk email) uses
valuable bandwidth and email server
space and wastes email recipients’ time.
6
Controlling Employee Use of Electronic
Communications
• There is an increasing range of products
now available that can monitor email and
Internet use of communications, which
includes guidance on Internet sites to
avoid and on the appropriate use of email
and the telephone.
7
• The policy should warn employees that
their emails may be monitored, highlight
the disciplinary sanctions for inappropriate
use of email or the Internet, and be
included in the employment contracts and
company handbook. It is also advisable to
put a message on computer screens
stating that the computer user consents to
monitoring as stated in the company
handbook.
8
• Employees should be consulted on the
benefits of an Internet policy to ensure that
the employer’s conduct is seen as
reasonable.
9
Data Complacency
• Technologies such as email pose a potentially
dangerous shift in corporate mentality, a shift
that is seeing the sensitivity of corporate data
increasingly undermined through an ability to
circulate information with a degree of immediacy
tat was unthinkable just a few years ago.
Sensitive company documents, which would
once have been physically field, marked as
confidential and sealed in an envelope when
sent to an external party, are now easily
accessible from a corporate network by large
numbers of employees who have the means at
hand to routinely circulate its contents around
the world without a second thought.
10
• For centuries technology has been the
root cause of changes within business
practice.
11
• An email of the highest confidentiality will
therefore be subject to digital signing, data
encryption and any other mechanism that
is in place to guarantee the integrity of the
data. A staff memo, depending on its
content, may in turn pass through the
gateway untouched.
12
• Security labelling is now being applied within the
corporate environment, with a new generation of
software adopting a more pragmatic approach
by managing email on the boundary between
organisations and the outside world. This
approach offers the benefits of configurable
policy-setting at a sever level, allowing the
definition and management of email policies
from a corporate perspective regardless of
desktop set-up. The responsibility for applying
security is thus removed from the user and
passed back to the organisation.
13
• It seems it is not only the information that
is undervalued but also the resulting
effects of mismanaged data and the
possibility of a breach in confidentiality.
14
The End
15