Systems Security Certified Practitioner – SSCP – Question0478

If an organization were to monitor their employees' e-mail, it should not:

A. Monitor only a limited number of employees.
B. Inform all employees that e-mail is being monitored.
C. Explain who can read the e-mail and how long it is backed up.
D. Explain what is considered an acceptable use of the e-mail system.

Correct Answer: A

Explanation:

Monitoring has to be conducted in a lawful manner and applied in a consistent fashion; thus it should be applied uniformly to all employees, not only to a small number.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 304).