Dealing with Inappropriate Activity – CompTIA A+ 220-801: 5.4

Unfortunately, you’ll sometimes find that the computing resources in your organization are being used for inappropriate purposes. In this video, you’ll learn how to properly address and resolve these issues.

Unfortunately in today’s computer networks, you may find yourself in a position of identifying people that may not be doing appropriate things based on your company policies. Or in some cases, they may be doing things that are actually illegal. And in those situations, you may be tasked with both identifying and resolving these types of issues. One of the first things is identifying the problem to begin with. And that will be the first response to the issue. You may have logs that are identifying the inappropriate use on the network. You may be seeing this information in person on someone’s desktop, or there may be data that you can monitor going over the network that identifies the inappropriate use.

When these types of circumstances arise, it’s your responsibility to gather all of this information and protect it. You want to get logs that you might have. You want to go to all your different data sources and gather as much information as possible relating to that particular event. At that point, you’re reporting to the proper channels. This isn’t something that you’ll handle on your own. You’ll almost always be required to involve many different parts of the organization. And you need to make sure you are able to do that as quickly as possible.

Without having a documented security policy, it’s almost impossible to know what might be deemed appropriate and what might be deemed inappropriate. So you want to make sure that you document every part of that. And usually, it’s your security department that’s handling putting together the exact security policies for your organization. The documentation also has to be made available. It’s no good unless people are able to read and understand exactly what’s expected of them when they’re using the network at your organization. And, of course, these things are in constant change. Security policies never stay the same. So you want to be sure, of course, that it is being updated constantly, there is a process in place, and that everybody has access to exactly that information.

Because you’re the one who has access to the data, you’re also going to be expected to keep all of that data safe. You’ll have a chain of custody from the moment you grab that information all the way until you’re finished using that information. So whatever you do with it, you want to make sure that it is not changed or modified in any way, and that only certain people have access to those details. You’ll also want to be sure that you document everybody who has access to that data. Not only will you have a backup of that information, but you want to put methods in place so that the information is not tampered with.

You don’t want people either deleting information accidentally or on purpose. And it’s very common to take hashes of information so that you can compare the data the day you got it versus looking at the data three months later. Documentation is really the key. All of these logs and the data that you’re gathering are going to make the determination on whether this was inappropriate or not inappropriate. And, therefore, you not only need to collect the data but store it somewhere safe. Make sure that no one can get access to that information or tamper with any of that data. It’s very common to make digital signatures and hashes of everything so that when you look at this data later, you can verify that it is exactly the data that you gathered on day one.
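The day-one hashing and later comparison described above can be scripted. The following is an added example, not part of the original video: it records a SHA-256 digest for each collected file, seals that record with an HMAC (used here as a stand-in for a digital signature), and later reports any file that was modified, deleted, or added. The function names, the key, and the two sample log files are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large log files are never loaded whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir):
    """Record a SHA-256 digest for every file as it was on the day of collection."""
    root = Path(evidence_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal_manifest(manifest, key):
    """HMAC the manifest so that edits to the manifest itself are detectable."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_evidence(evidence_dir, manifest, seal, key):
    """Re-hash the evidence and report anything that differs from the sealed manifest."""
    if not hmac.compare_digest(seal_manifest(manifest, key), seal):
        raise ValueError("manifest seal mismatch: the manifest itself was altered")
    now = build_manifest(evidence_dir)
    return {"modified": sorted(f for f in manifest if f in now and now[f] != manifest[f]),
            "missing": sorted(set(manifest) - set(now)),
            "added": sorted(set(now) - set(manifest))}

def demo():
    """Constructed sample data: two small log files in a temporary directory."""
    key = b"constructed-demo-key"  # assumption: the real key is kept apart from the evidence
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "proxy.log").write_text("10:02 user=alice GET /blocked-site\n")
        (root / "auth.log").write_text("10:01 user=alice login ok\n")
        manifest = build_manifest(root)
        seal = seal_manifest(manifest, key)
        clean = verify_evidence(root, manifest, seal, key)
        (root / "proxy.log").write_text("10:02 user=bob GET /blocked-site\n")  # simulated edit
        (root / "auth.log").unlink()                                          # simulated deletion
        return clean, verify_evidence(root, manifest, seal, key)

if __name__ == "__main__":
    print(demo())
```

Store the manifest and its seal separately from the evidence itself, so that someone who can alter the files cannot also rewrite the record used to check them.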