Discuss your thoughts and opinions on the auditing of employee Internet use
Auditing Employee Usage
Most companies now include an “acceptable use policy” for employees that specifies how employees are permitted to use the Internet in the workplace. In many cases, companies will also back up the AUP by auditing Internet usage on the part of their employees. Discuss your thoughts and opinions on the auditing of employee Internet use. Is auditing an employee’s Internet use at work ethical, or does the employee have a legitimate expectation of privacy at work? If the company did not employ auditing, what would be an effective alternative to ensure compliance with the company’s AUP?Comment on another student’s post. Are these ideas realistic?Risk assessmentRisk assessment is a complex, yet necessary, process. Generally speaking, risk assessment follows this formula: risk = asset value * threat * vulnerability. As a security manager, in order to perform an adequate risk assessment, you will need to determine the business focus, which will in turn give you the value of the IT assets, what the possible threats are for those assets, and how vulnerable the assets might be to attack.Given the previous scenario of a medium-sized retail company with 2000 users, you might determine that assets, such as customer information or business strategy documents, have a high value to the business. What would be the most likely threats to those assets? What would be the most likely vulnerabilities that might expose those assets to attack? Determine a minimum of three likely threats and three likely vulnerabilities, and then provide an overview of the probable risk.Comment on another students’ post.