Policies
Acceptable-use policies for employees are the starting point for managing insider risk. The company must define what constitutes the acceptable use of corporate computer resources, and employees must be made aware of these policies (and ideally should acknowledge that they have been made aware).
Policies provide a framework for investigations by defining what actions can be investigated. They can provide consent to search and monitoring (depending, of course, on other applicable laws).
Without policies in place, the organization might find it impossible to punish or terminate an employee. The employee can successfully argue that there was no explicit rule prohibiting a certain conduct, and absent that, the organization has no right ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.