Session Monitoring Notification for Internal Users

Session Monitoring Notification

Prev Question Next Question

Question

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Explanation.

This is a tricky question,the keyword in the question is Internal users.

There are two possible answers based on how the question is presented, this question could either apply to internal users or ANY anonymous/external users.

Internal users should always have a written agreement first, then logon banners serve as a constant reminder.

Banners at the log-on time should be used to notify external users of any monitoring that is being conducted.A good banner will give you a better legal stand and also makes it obvious the user was warned about who should access the system, who is authorized and unauthorized,and if it is an unauthorized user then he is fully aware of trespassing.Anonymous/External users, such as those logging into a web site, ftp server or even a mail server; their only notification system is the use of a logon banner.

References used for this question: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50

and Shon Harris, CISSP All-in-one, 5th edition, pg 873

The most appropriate way to notify an internal user that session monitoring is being conducted is through a Logon Banner.

A logon banner is a message that appears on the screen when a user logs in to a system. The banner can be used to display a warning or legal message to the user. In this case, the logon banner would indicate that session monitoring is being conducted and that the user should not expect privacy when using the system.

A wall poster or employee handbook would not be as effective as a logon banner because users may not see the poster or may not read the relevant section of the handbook. A written agreement could be effective but would require each user to sign an agreement and could be difficult to enforce.

Therefore, a logon banner is the most appropriate way to notify internal users that session monitoring is being conducted. It is a clear and direct message that is displayed to the user each time they log in, ensuring that they are aware of the monitoring and cannot claim ignorance if their actions are monitored.