Matakuliah Tahun Versi :A0334/Pengendalian Lingkungan Online : 2005 : 1/1 Pertemuan 3 Information at Risk 1 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : • Mahasiswa dapat menyatakan Resiko Informasi 2 Outline Materi • Cyberliabilities in The Workplace – Controlling Employee Use of Electronic Communications – Avoiding Monitoring Problems • Data Complacency 3 Cyberliabilities in The Workplace • The rise in electronic methods of communications such as email and the Internet have provided employees with a greater degree of flexibility and freedom. 4 • Employers have good reason to be concerned about email or Internet usage. Time spent on non-business-related emails or surfing the Internet may reduce profitability by reducing time spent on legitimate business. 5 • Employers will also be concerned to prevent the infection of their networks by viruses, which may enter the system via attachments to emails sent from outside. ‘Spam’ (unsolicited or junk email) uses valuable bandwidth and email server space and wastes email recipients’ time. 6 Controlling Employee Use of Electronic Communications • There is an increasing range of products now available that can monitor email and Internet use of communications, which includes guidance on Internet sites to avoid and on the appropriate use of email and the telephone. 7 • The policy should warn employees that their emails may be monitored, highlight the disciplinary sanctions for inappropriate use of email or the Internet, and be included in the employment contracts and company handbook. It is also advisable to put a message on computer screens stating that the computer user consents to monitoring as stated in the company handbook. 8 • Employees should be consulted on the benefits of an Internet policy to ensure that the employer’s conduct is seen as reasonable. 9 Data Complacency • Technologies such as email pose a potentially dangerous shift in corporate mentality, a shift that is seeing the sensitivity of corporate data increasingly undermined through an ability to circulate information with a degree of immediacy tat was unthinkable just a few years ago. Sensitive company documents, which would once have been physically field, marked as confidential and sealed in an envelope when sent to an external party, are now easily accessible from a corporate network by large numbers of employees who have the means at hand to routinely circulate its contents around the world without a second thought. 10 • For centuries technology has been the root cause of changes within business practice. 11 • An email of the highest confidentiality will therefore be subject to digital signing, data encryption and any other mechanism that is in place to guarantee the integrity of the data. A staff memo, depending on its content, may in turn pass through the gateway untouched. 12 • Security labelling is now being applied within the corporate environment, with a new generation of software adopting a more pragmatic approach by managing email on the boundary between organisations and the outside world. This approach offers the benefits of configurable policy-setting at a sever level, allowing the definition and management of email policies from a corporate perspective regardless of desktop set-up. The responsibility for applying security is thus removed from the user and passed back to the organisation. 13 • It seems it is not only the information that is undervalued but also the resulting effects of mismanaged data and the possibility of a breach in confidentiality. 14 The End 15