Case Study #3:

Other tracking software, including the company's filtering software, shows that a specific employee has visited several websites that appear to contain pornography, breaking company policy. HR suggests immediate termination. This happens to be a very valuable employee who has never shown any signs of inappropriate behavior and has always been a very hard worker. In the incident management meeting, the IT Manager suggests checking the reporting provided by the new appliance that was recently installed to track employee workstation activity.

The reports support the evidence from the other tools, showing that the employee did indeed visit the websites, but they also show that the activity on each website was extremely brief, actually only split seconds.

The Incident Management Team decides to speak with the employee to get more information about their actions. When interviewed, the employee admits that on the date in question he had visited the websites, but did so by accident after inadvertently clicking on a link in a spam email in his personal Hotmail account. As soon as the first window popped up, the employee immediately closed it and another popped up; again he closed it quickly, only to have the sequence repeat again and again. Finally he was able to get the process to stop, but he did not maliciously visit porn websites.

Management was able to use the evidence to reprimand the employee, but instead of terminating the employee for the more serious pornography violation, they issued a warning about using personal email systems during work hours. In addition, they determined it necessary to create a new Information Security Policy that disallows use of personal email systems while at work.
Copyright © 2006-2007 Sergeant Laboratories. All rights reserved.