On Sun, 12 Feb 2006, Nick FitzGerald wrote:
Go to HR, explain that the new security policy about not running Google Desktop is make-or-break and explain why. To achieve this you may need higher-level management buy-in, so hopefully you can threaten exposure under HIPAA, Sarbanes-Oxley or some such _IF_ the policy is ever breached. Make it a matter of "if our IDS sees traffic from your machine to desktop.google.com (or whatever) its an automatic HR warning", and then let your standard (two, three, whatever strikes and you're out) HR policy deal with enforcement.
Yes. And one of the prerequisites to this is the ability to monitor and detect this type of traffic.
Which was the reason for my response to J.A.'s e-mail. -- Greg Boyce _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
