Jeffrey M. Stanton, associate professor in the School of Information Studies at Syracuse University and director of the Syracuse Information Security Evaluation Project, has recently released a new book, "The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets -- Without Compromising Employee Privacy or Trust" (CyberAge Books, 2006). The book is co-authored by Kathryn R. Stam, assistant professor of anthropology at the SUNY Institute of Technology in Utica, N.Y. The research for the book was conducted in various Central New York organizations and was supported in part through the CASE Center. Stanton's research team provided a dozen CNY firms with no cost information security assessments that provided positive economic benefits by helping to guard the firms' information assets.
Despite the staggering sums organizations spend on information security, employee behavior is a major risk factor that is frequently overlooked or ignored, often leading to serious problems. The misuse of information systems by employees -- whether through error or intent -- can result in leaked and corrupted data, crippled networks, lost productivity, legal problems, public embarrassment and more. In response, companies are increasingly monitoring and controlling employee usage of network resources including the Internet -- but how well are they doing?
"The Visible Employee" reports the results of an extensive four-year research project, covering a range of security solutions used by organizations as well as the perceptions and attitudes of employees toward workplace surveillance. Emphasizing the human element in information protection, the authors consider whether employee monitoring, supported by well-designed, clearly communicated policies, can strengthen a firm's information security. The result, according to Ted Demopoulos -- a leading consultant, author and speaker on business technology topics including information security -- is "an eye-opening
book for employees with privacy concerns and employers worried about information security." Demopoulos describes the book as "carefully researched and remarkable for its objectivity."
Among the topics covered in "The Visible Employee" are: how employees affect information security; information security technologies and operations; employee monitoring, surveillance and privacy; information technology professionals' perspectives; employee perspectives on information security and privacy; and recommendations for managers, employees and information security professionals.
"Too little attention is paid to the human side of information security," says Stanton. "You need good security technology, and there is a lot of it available, but you also have to be able to educate and motivate employees to do the right thing.
"I wanted to write a research-based book that would show organizations how to develop, monitor and enforce their security policies in a humane and ethical manner."
Stanton has been an associate editor for the Journal of Information Systems Security and Human Resources Management, and his work has been published in top behavioral science journals. Stam teaches courses in anthropology, sociology, cultural diversity, and the social and ethical aspects of information technology. Her qualitative research on information technology and other topics has been published in numerous academic journals.
The CASE Center is a New York State Center of Advanced Technology supported by the New York State Office of Science, Technology and Academic Research (NYSTAR). NYSTAR's broad mission is to make New York State a national leader in high technology academic research and economic development.
"The Visible Employee" is a CyberAge Book from Information Today Inc. It is available through
bookstores; by calling (800) 300-9868; or online at http://www.infotoday.com.
