Watchdog or Guardian? Unpacking the Issues Surrounding the Monitoring of InfoSec Employees

Much work has been conducted on the use of monitoring to improve quality of life (in such domains as the healthcare industry) versus the privacy trade-offs associated with such monitoring. However, little work has been done on the impact of monitoring on employees with information security responsibilities. We present here some initial results from interviews with such professionals, focusing on those who operated in classified environments. In particular, we draw attention to the benefits to being monitored that these employees identified: increased feeling of personal security, the presence of someone to help prevent you from making mistakes, simplifying collaboration in some instances, and the presence of an audit trail for employee protection. We also outline some of the complicating factors that may diminish these benefits. While government monitoring often has a negative connotation, we demonstrate that there are cases when voluntary monitoring as a condition of employment can be seen to have advantages to the employee.

[1]  John Weckert Trust and monitoring in the workplace , 2000, University as a Bridge from Technology to Society. IEEE International Symposium on Technology and Society (Cat. No.00CH37043).

[2]  John Weckert,et al.  Privacy, the Workplace and the Internet , 1999, WebNet.

[3]  Jeretta Horn Nord,et al.  E-monitoring in the workplace: privacy, legislation, and surveillance software , 2006, CACM.

[4]  Susan Gibson,et al.  What Makes an Effective Virtual Learning Experience for Promoting Faculty Use of Technology , 2006 .

[5]  Martin Höst,et al.  A Case Study on Scenario-Based Process Flexibility Assessment for Risk Reduction , 2001, PROFES.

[6]  Nina Wacholder,et al.  Using interview data to identify evaluation criteria for interactive, analytical question-answering systems , 2007, J. Assoc. Inf. Sci. Technol..

[7]  Marti A. Hearst,et al.  Reexamining the cluster hypothesis: scatter/gather on retrieval results , 1996, SIGIR '96.

[8]  Linda Skrla,et al.  Sexism, Silence, and Solutions: Women Superintendents Speak Up and Speak Out , 2000 .

[9]  Joy L. Hart,et al.  Workplace Surveillance and Managing Privacy Boundaries , 2007 .

[10]  J. Barlow,et al.  Implementing complex innovations in fluid multi-stakeholder environments: Experiences of ‘telecare’ , 2006 .

[11]  M. Zabinski,et al.  An interactive internet-based intervention for women at risk of eating disorders: a pilot study. , 2001, The International journal of eating disorders.

[12]  C. Stoll The Cuckoo's Egg : Tracking a Spy Through the Maze of Computer Espionage , 1990 .

[13]  James Bamford,et al.  Body of secrets : anatomy of the ultra-secret National Security Agency : from the Cold War through the dawn of a new century , 2001 .

[14]  M. Myers Qualitative Research and the Generalizability Question: Standing Firm with Proteus , 2000 .

[15]  IT Security Guidelines , 2008 .

[16]  Miranda Rose,et al.  Interviewing people with aphasia: Insights into method adjustments from a pilot study , 2007 .