Monitoring is fine, but what do you do about what you find?
We have had a couple of situations recently that have raised an interesting issue.
One prospective client, on seeing netReplay’s power to reveal what people are actually doing, visibly recoiled and commented that he would rather not know.
This is not an uncommon reaction, but it clearly can’t be the right one.
A new customer of ours is taking what I think is a better approach. They have run the system for a few weeks and have found things that are disturbing, to say the least. Their approach is to incrementally revise and enforce their Acceptable Use Policy.
They are seeing where their problems lie and, first off, sending out general warnings. They then see what problems remain and, if necessary, start warning individuals, in an iterative process.
Along the way there have been disciplinary issues, but by taking a staged approach they have not had wholesale issues to resolve, and the end result will be a much cleaner, compliant organisation.
Risk Manager 1, Threats 0!