Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Banners at the log-on time should be used to notify external users of any monitoring that is being conducted.A good banner will give you a better legal stand and also makes it obvious the user was warned about who should access the system and if it is an unauthorized user then he is fully aware of trespassing.
This is a tricky question,the keyword in the question is External user.
There are two possible answers based on how the question is presented, this question could either apply to internal users or ANY anonymous user.
Internal users should always have a written agreement first, then logon banners serve as a constant reminder.
Anonymous users, such as those logging into a web site, ftp server or even a mail server; their only notification system is the use of a logon banner.
References used for this question: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50
and Shon Harris, CISSP All-in-one, 5th edition, pg 873
The most appropriate method to notify an external user that session monitoring is being conducted is through Logon Banners. Logon Banners refer to a notification message that appears on a user's screen before they log in to a system or application. The banner message can inform the user about the acceptable use policy, legal notices, or other relevant information.
When it comes to session monitoring, it is essential to notify the users to maintain transparency and to ensure that they are aware of their actions being monitored. The logon banner serves as an appropriate notification mechanism as it appears before the user logs in to the system, providing them with the opportunity to read and acknowledge the message.
A wall poster or employee handbook may not be an effective method to notify external users about session monitoring as they may not be easily accessible or noticeable. Additionally, a written agreement may be more suitable for employees who have already signed contracts, but it may not be practical for external users who have limited engagement with the organization.
In summary, using a logon banner is the most appropriate method to notify external users that session monitoring is being conducted as it is transparent, easily accessible, and provides users with the opportunity to acknowledge the message before logging in.