Comment by reaperducer

5 hours ago

Working on the systems/security/infrastructure side, we can already do this

IT having the information for security is one thing.

In the hands of power-hungry lower middle managers, it becomes a weapon.

I think that's the difference.

First security job I had, the CISO had already declared that enforcing "no YouTube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope-limited.

There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.

For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.

[0] The malware, etc. that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.

In my experience, the most common use of this data is to build a case for firing someone for cause when upper management wants them out. It's rarely used for actual security purposes.