Mitigating DoS with Employee Monitoring. What.
This article over on Computerworld Australia contains a couple of conflicting claims that have been bugging me since I read it the other day. It begins by describing proposed changes to federal government legislation:
The changes will give employers power to intercept all Internet-based communications without consent, including e-mails and instant message (IM) discussions.
At this point the article veers off on a massive tangent: the Attorney-General is quoted saying that these legislative changes are a counter-terrorism measure, and that they could prevent breaches occurring:
…similar to the Estonian Denial of Service (DoS) attacks in which a 19 year-old hacker disabled the Web sites of banks, schools and the Prime Minister’s office.
Hopefully someone out there can explain to me exactly how granting employers the right to monitor their employees' communications is a control against denial of service attacks. Or, even better, how a denial of service attack equates to a breach at all, especially when the government has done such a good job of defining what an information security breach is in the “Draft Voluntary Information Security Breach Notification Guide”:
An information security breach occurs when personal information is exposed to unauthorised access, use, disclosure or modification as a result of a breach of an agency’s or organisation’s information security.
The only saving grace in the article was the comment from Nick Elsmore of SIFT, who states that these new laws will have minimal impact on businesses because most enterprises already include provisions for Internet monitoring in their employment contracts. My experience across a few different enterprises bears this out.
Posted by Christian
25 April 2008
2 Responses to “Mitigating DoS with Employee Monitoring. What.”
Oh boy! Sleep! That's when I'm a Viking! Says:
April 28th, 2008 at 10:40 pm
You're confusing a Govt. policy (bad) with a guide distributed by the Privacy Commissioner. The hoped-for effect is that it will prepare the masses for new laws that may or may not come into effect as a result of the ALRC review into the Privacy Act 1988.
Although both Nick and yourself are correct, there is a huge impact on the way we currently behave. Today, email snooping has to be explicit (if not prohibited by various state laws), through the guise of your employer getting you to sign a policy that says they can snoop. The proposed change, however, will mean that you cannot expect that privacy, and it will no longer be your ‘right’ to sign away. This is one of the many examples that, although they seem innocuous, are leading Australians ever further down the path of police statehood.
@Oh boy!
Whilst I initially thought, after reading your comment, that I had confused the issue, if you look at the article it's actually ComputerWorld AU that confused the issue. They mention that this new legislation is meant to help with counter-terrorism AND help prevent hackers stealing data; they then go on to mention that this legislation could help prevent a breach similar to the Estonian DoS!?!?
Unless I’m reading that article completely wrong.
Thanks for commenting!
-C