ЕКОНОМ1КА: реали часу
№5(10), 2013
ECONOMICS: time realities
1НФОРМАЦ1ЙНЕ ТА МАТЕМАТИЧНЕ ЗАБЕЗПЕЧЕННЯ ЕКОНОМ1ЧНИХ ПРОЦЕС1В
INFORMATION AND MATHEMATICAL SUPPORT OF ECONOMIC PROCESSES
УДК 65.012.123
THE INFORMATION SECURITY SOFTWARE IN BUSINESS
L.N. Lingur, senior lecturer O.G. Yesina, senior lecturer Odessa national polytechnic university, Odessa, Ukraine
Under present conditions business and entrepreneurship, the state apparatus are unimaginable without the application of information technologies. Automating the process of information's collection, storage, processing and using, integrated automation of administrative activity has become a logical stage of public and commercial structures' development.
The growth of information flows, increasing dynamics of business processes and the ever-increasing demands of modern society dictate the need for modernization of the existing and the introduction of new high-tech systems, designed to optimize business in the sphere of enterprise's management.
Problems of business's information security are currently the key components of any enterprise's activity. At the same time the most important are issues of internal security. Solving these problems is not easy, because for carrying out production tasks the company's employees are given access to the company's information resources, including confidential information.
Today, no one doubts that it is necessary to ensure the security of organization's information resources. A common approach to the implementation of this process involves carrying out the examination of system, audit of information security, development of new or correction of existing security policy.
Analysis of recent researches and publications
Nowadays in Ukraine the researches about financial and working time losses due to uncontrolled access to the Internet are almost absent. Most studies are carried out by recruiting and auditing, consulting companies (FBK, Ipsos) [9]. Their researches show that about 70% of Internet traffic is used not in companies' interests; annually each employee spends about 50 hours of working time on websites and in programs, unrelated to work.
ЛтгурЛ.М., CcinaOT. Программ продукты тформацшноi безпеки б пне су
У стати розглядаються причини контролю й облжу робочого часу спшробшшюв, а також програмш засоби мониторингу дш користувач1в на службових комп'ютерах. Визначено оптимальш продукта мониторингу, даш рекомендацп з Ьшього використання. Стаття також буде щкава кер1вникам шдприемств i викладачам таких дисциплш як «1нформащши системи на шдприемствах», «1нформацшний б1знес» i студентам економ1чних i комп'ютерних спещальностей.
Rmo4oei слова: шформацшна безпека, мониторинг дш користувач1в, облпс робочого часу.
ЛингурЛ.Н., ЕсинаО.Г. Программные продукты информационной безопасности бизнеса
В статье рассматриваются причины контроля и учета рабочего времени сотрудников, а также программные средства мониторинга действий пользователей на служебных компьютерах. Определены оптимальные продукты мониторинга, даны рекомендации по их использованию. Статья также будет интересна руководителям предприятий и преподавателям таких дисциплин как «Информационные системы на предприятиях», «Информационный бизнес» и студентам экономических и компьютерных специальностей.
Ключевые слова: информационная безопасность, мониторинг действий пользователей, учёт рабочего времени.
Lingur L.N., Iesina O.G. The information security software in business
The article determines the reasons for control and accounting of staff time, as well as software tools for users' activity monitoring on office computers. The optimal monitoring products, recommendations for their use were given. The article also will be interesting for heads of enterprises and for teachers of «Information systems at enterprises», «Information business» disciplines, for students of economic and computer specialties.
Keywords: information security, users' activity monitoring, time tracking.
iH^opMa^HHe Ta MaTeMara^He 3a6e3ne^eHHa eKOHOMWHHX npo^cÍB
Information and mathematical support of economic processes
A.V. Bochkin's dissertational work "The monitoring system of working time across the enterprise" is definitely interesting. This work reviews existing management techniques, automation of staff time monitoring, including:
— management techniques of the enterprise (ERP,
CRM, BI);
— project management techniques;
— assessing the work of the personnel methodology;
— working hours accounting methodology.
The results of this work are methods of complex staff time monitoring across the enterprise with reference to the use of information systems' resources and formation of time consuming, wages, Internet traffic metrics [1]. The author also examines existing software tools for users' actions monitoring from the standpoints of: existing functionality, availability of ready-made solutions for business, ease of its installation on enterprises' workstations network.
The purpose of this article is to review the main reasons of staff time monitoring and accounting, analysis of modern software for users' actions monitoring and to determine the optimal products from the standpoints of executable functionality.
The main material
Let us consider the reasons for monitoring the office workers' activities.
According to the results of large-scale researches, carried out by a large number of Western companies, the main reason for the low labor efficiency and financial losses of organizations consists in using the work time for other purposes.
The IDC Research company, British Institute of Public Opinion, Business Week newspaper, American Management Association and a number of large Internet projects, such as Vault.com, ZDNet Interactive, Websense and others were involved in the research. [1]
There are many reasons for control and accounting of staff time, as well as for tracking and monitoring users' actions, accounting the software installed on office computers:
Firstly, it is effective working time losses. Unregulated activity of the staff during the working day leads to 40% loss of work efficiency (for American and Russian business).
Secondly, the difficulty of staff's visual control. For people working in the office it is very difficult to control the implementation of work. Employee, sitting in front of the computer all day and being confident in the absence of control, can devote only a small part of his time to work.
Inaction of workers is a particular problem. Scientists in British Institute of Public Opinion have found out that office workers averagely spend 75 minutes of their working time without actions every day. Meanwhile, even an hour of each employee's wasted time for sufficiently large organization radically affects the efficiency of labor and business costs.
The protection of overhead information and commercial secrets must be presented separately. The main threat comes precisely from the "inside" of the organization. 58% of industrial espionage cases and 60% of loopholes use in security systems are handiworks of the company's employees. When monitoring the personnel, you reduce the risk of information leakage.
The most important thing is to assess the economic damage. About 90% of surveyed companies admitted the existence of significant losses, caused by the employees' activities: paid working time, communication channels and other resources are irrationally used. [1]
Proceeding from the above stated reasons, we can make a conclusion about the need for creating the ways to control the activities and organization of employees' work. One of such tools is the working time monitoring systems.
The monitoring system is a convenient tool for the analysis of business. It allows you to identify the problems of employee's work organizing, evaluate their professional qualities and the effectiveness of work in various structural units of the organization.
In recent years, major American and European companies are moving to constant monitoring of their employees' activities. In the western market many monitoring programs are produced. Modern IT-industry also provides the choice among this type of software for corporate executives.
Such programs, as a system of staff time accounting and control LanAgent, feature-rich program Security Curator, as well as software products Boss Everyware, StaffCop Standard and others deserve attention.
Sanctioned monitoring software products are used by the security administrator of computing system to ensure its observability - «computing system property, that allows fixing of users' and processes' activities, using passive objects, as well as clearly setting the IDs of users and processes involved in particular events to prevent violation of security policy and/or ensuring responsibility for certain actions». This property, depending on the quality of its realization, allows a greater or lesser degree of control, how employees comply the established rules of safe work on computers and security policy. What are monitoring programs used for? Their use allows the specialist, responsible for the enterprise's information security, to determine, locate and control:
— all cases of unauthorized access to confidential information with a precise indication of time and networked workstation, from which this attempt was carried out;
— cases of unauthorized software installation;
— use of personal computers during outside working hours, identifying the purpose of such use;
— cases of unauthorized modems usage in the LAN by analyzing the facts of illegally set specialized applications' launching;
ЕКОНОМ1КА: реалп часу
№5(10), 2013
ECONOMICS: time realities
— all cases of critical words and phrases typing, any critical documents preparation, transmission of which to third persons would result in material loss;
— facts of PCs misuse:
— getting reliable information, based on which the information security policy of the enterprise will be developed;
— access to servers and PCs;
— contacts of children while surfing the Internet;
— conducting of information audit;
— computer incidents' exploring and investigating;
— carrying out scientific researches, associated with determining the accuracy, promptness and adequacy of staff response to external influences;
— identifying the loading of computer workplaces at the enterprise;
— restoring the critical information after the failures of computer systems;
— Etc.
On the fig 1 we presented a report on a single computer, in a ratio of ON/OFF, active/inactive. This is one of the reports, both in the content and the type of presentation.
Security Curator is an information security providing system of new generation, uniting in itself the ability to monitor the activities of employees, control their actions and blocking of potentially dangerous information leakage paths.
Security Curator carries out almost all types of monitoring and logging of employees' personal computers. In particular:
— Control of the staff efficiency and main confidential information leakage paths.
The following software products are the most popular among heads of enterprises and system administrators.
Most of the monitoring activities can be performed using a single software package: LanAgent showed itself well when working with 300 workstations, which proves the good scalability of this software.
The special features, provided by the software package LanAgent are especially worth mentioning, such as monitoring of storage devices' connections and disconnections, control of keyed-in and copied texts, which are an instrument for detecting leaks of important information. Tools of reporting allow printing reports, converting them into various types, compiling users work statistics and using it for business purposes. [5]
— Ability to disable or lock applications, processes, files operations, sites, chatting.
— Notification system for security policy violation.
— Generation of detailed statistical reports about the use of computers in the organization.
— Convenient search and data filtering system. Logging of actions allows evaluating the
effectiveness of staff, preventing wasteful use of working hours and identifying potential confidential information leakage paths.
Security Curator conducts real-time monitoring of almost all employees' actions when working at the computer. Information about users' activities is updated in real time mode. At the same time the screenshots saving is constantly carried out when
Отчет по статистике работы компьютера
с : 28.10.13 по : 29.10.13
Имя комгаготера: Tp апрес: Mac апрес:
AX1 102.168.5.5 D0-3A-2M0-79-30.
Время в состоянии выключен: 1д.5ч. 45мин.
Время работы. Од. 10ч. ЗЭммн.
► активная работа: Чч- Эч. изннн
► фОСТОЙ : Од. Оч. 51 нин.
Круговая диаграмма соотношения работы компьютера
Fig. 1. Statistics report window in the system LanAgent
iH^opMa^HHe Ta MaTeMara^He 3a6e3ne^eHHa eKOHOMWHHX npo^cÎB
Information and mathematical support of economic processes
making any action, there is also the possibility of observing the user's desktop in real time. If the user is working with USB-devices, the backup of files is done. [3]
Boss EveryWare logs all the programs, which user launches and takes into account the time, that he spent on them. It records all symbols typed by the user, allowing the computer owner or network administrator to answer questions about created correspondence. Boss EveryWare registers the computer's idle time, notifies the network administrator about installed programs, what software was used and what websites were visited.
Boss EveryWare can warn the user that application or program is prohibited on this computer. Or it can completely disappear from view and secretly keep a log-file of computer usage. This program is password protected and only the network administrator has access to it. [4]
This program allows selecting the reports on user or application, creating filters of incoming and outgoing data, grouping the data, showing full URLs or just domains, displaying non-character keystrokes etc.
StaffCop Standard - system of corporate information security.
StaffCop Standard controls all employees' actions in front of the computers and allows receiving information about the work of each of them in on-line mode and in the form of visual reports over any period of time.
Based on the information collected about users' activity on computers, manager or network administrator can optimize the work schedule of employees, as well as identify and eliminate the leakage of confidential information, analyzing what exactly an employee was doing, and how much time it took. [3]
Main features of the program:
Social networks monitoring: VKontakte, Odnoklassniki and Facebook. It is a possibility to determine: with whom employees communicate, which messages they send, what profiles they view and much more - it will help to detect the spread of confidential information through social networks.
The ability to view all employees' search queries in Yandex, Google, Rambler and many other search systems. This will provide an opportunity to understand, what is relevant for the employee at the moment, whether he is looking for useful information or he is focused on something else.
Generation of detailed reports on the employees' actions at the computer: diagrams of software and games use, diagrams of visiting sites and chatting in ICQ. This makes it possible to determine, on what most of the time at the computer is spent. There is the ability to send reports to email, FTP using the Report Scheduler.
Capturing screenshots - what the employee had seen on the screen;
All correspondence in ICQ, Mail.Ru agent and in other online pagers is available, that will also allow
controlling one of the most common information leakage channels;
Thanks to keyboard spy you can see, what the employee clicks on the keyboard, whether the text relates to work or it is just social interaction with colleagues and friends in the workplace;
Stealth work mode - the system is maximally hidden from the PC's user, and it is difficult to determine that the computer is being monitored;
All actions with the files, history of printed documents, connected USB devices, installed programs and many other activities are logged.
Introduction of StaffCop Standard allows evaluating and improving the effectiveness of the organization, and helps to raise the level of corporate security. The program allows you to keep track of correspondence, in which the employee may disclose confidential information and to determine which files have been copied to removable storage devices. Also, almost all personnel's actions at computers are monitored, which allows you to evaluate the effectiveness of work.
Personnel monitoring system «GLOSAV» -service that combines the convenience and advanced information technologies - makes it possible to significantly improve the efficiency of the enterprise and its competitiveness. [6]
Personal monitoring is a powerful alternative mechanism to improve personnel efficiency. Availability of reliable information about the whereabouts of staff gives you the opportunity to effectively plan the work schedule, increase productivity, reduce costs and improve service quality.
Personnel monitoring system «GLOSAV» is characterized by high productivity and scalability and in combination with flexible settings enables a maximum efficiency when managing the staff.
Yaware system is of particular interest from the standpoint of friendliness towards users.
Unlike the previously discussed software, Yaware is a system that is open for the user; its results of work are available for both manager and employee.
On the one hand, manager can see information about the activities of all employees, from the other hand - each user can analyze their work over a certain period of time. Thus, besides being a tracking tool, system is a tool for time management.
Yaware is an online service to monitor user's activity on a computer. The system automatically collects information about what the employee does on a PC, fixes applications and web sites launching (active tab), time of their activity and inactivity, whereupon it lines up productivity graphics. The service automatically records the start/end of the working day, breaks, actual hours worked.
Yaware fixes what programs/sites are used, when the working day started/stopped and what happened during the day. It allows you to enter data about the time when computer does not work.
The system generates visual reports in the form of graphs and Gantt charts. All graphs and diagrams are
EKOHOMIKA: peoaiï uacy
№5(10), 2013
ECONOMICS: time realities
provided with explanations pop-ups. Information is available online, in your personal account, from a laptop or mobile. You may receive reports on email, indicating graph.
The main advantages of Yaware:
Timing analysis on the productive / unproductive / neutral principles;
A powerful tool for employee's self-control
Fig. 2. Gantt diagram on the staff's activity of one department.
Using the Yaware system for personal use on your workstation. Information is received from the
home computer, for example, is free. The ability to install the system in educational laboratories is of interest. Such installation requires some additional configuration, but it is not impossible. Limitations arise because of the short time frames (90 minutes of teaching time) and the number of users on a single
developers in personal communications.
The following table provides a comparative analysis of a number of monitoring programs' common features:
Table l.Comparative analysis of a number of monitoring programs' common features
№ Functionality Lan Agent Security Curator Yaware Boss EveryWare Staff Cop Standart GLOSAV
1 Monitoring of storage devices +
2 Blocking of various applications running + +
3 Export of reports to popular data formats + + + + + +
4 Distinction of access rights to collected information + + + + +
5 The determination of working time graphic + + + + +
6 Social networks monitoring + + + +
After doing comparative analysis of the most common software products for monitoring, it can be noted, that none of them fully supports the requested functionality. From the viewpoint of information security for companies, that are not using the Internet in their activities, the best choice may be LanAgent or Security Curator products. And conversely: for those organizations, whose products and services are promoted on the principles of e-commerce, Boss EveryWare and Staff Cop Standart will be useful.
Nonetheless, developers still have enough unreached points of improving software products' functional.
A simple method to protect the company from losses and employees from censures is to completely disable the Internet access. But this method is not possible in those organizations, whose activity is somehow connected to the network. In this case, the use of special monitoring programs will help the entrepreneurs to reduce working time and information losses. But keep in mind that installation of such programs on the employees' computers must be set by
1нформацшне та математичне забезпечення економiчних процеав
Information and mathematical support of economic processes
the employment contract. Otherwise, it can be regarded as a violation of human rights and judicially contested.
As a rule, in most commercial companies in conditions of the employment contract the use of Internet resources at the workplace is regulated, or there is an instruction, which is brought to the knowledge of employees when hiring.
Conclusions
The article discusses the reasons for the introduction of programs for monitoring the employees' activities, various monitoring tools were suggested. The software products, that are optimal for use depending on the type of business activity were determined, recommendations for their use were given
References:
1. Бочкин А.В. Система мониторинга рабочего времени в масштабе предприятия: автореф. дис. на соискание степени канд. тех. наук: спец. 05.13.10 спец.: «Управление в социальных и экономических системах» / Бочкин Александр Викторович; Пенз. гос. ун-т - Саранск, 2009 -Количество страниц: 147 с. ил. Саранск, 2009 147 с, Библиогр.: с. 15-16.
2. 5 причин мониторинга деятельности офисных работников. [Електронний ресурс]:Частное охранное предприятие"Авангард - сб" Осуществление учета рабочего времени сотрудников. Мониторинг деятельности персонала. Защита служебной информации и коммерческой тайны — Режим доступу до журн.: http://www.avangard-sb.ru/securitysystem/worktime.php,
3. Н.Д. Красноступ, Д.В. Кудин. Шпионские программы и новейшие методы защиты от них. [Електронний ресурс]: — Режим доступу до журн.: http://bozza.ru/art-75.html, 12.04.2013
4. А. Жмерик. Boss - EveryWare Описание программного продукта [Електронний ресурс]: — Режим доступу до журн.: http://www.softsoft.ru/security-privacy/covert-surveillance/7922.htm,
5. Описание программного продукта LanAgent. [Електронний ресурс]: http://www.lanagent.ru/lanagent_func.html, 20.04. 2013
6. Система мониторинга персонала ГЛОСАВ. [Електронний ресурс]: — Режим доступу до журн.: http://www.glosav.ru/glosav.html, 6.05.2013
7. Соцсети на рабочем месте - зло или благо? [Електронний ресурс]: — Режим доступу до журн.: http://www.odmu.od.ua/statti/socseti-na-rabochem-meste-zlo-ili-blago/, 15.05.2013
8. В плену социальных сетей. [Електронний ресурс]: — Режим доступу до журн.: http://kiev.rabota.ru/rabotodateljam/upravlenie_personalom/v_plenu_sotsialnyh_setej.html, 20.11.2013
9. Соцсети на работе: пожиратель времени или полезный инструмент: [Електронний ресурс]: — Режим доступу до журн.: http://ubr.ua/labor-market/life-at-work/socseti-na-rabote-pojiratel-vremeni-ili-poleznyi-instrument-249379, 21.11.2013
Надано до редакцшно1 колегп 20.11.2013
Лшгур Любов Микола1вна / Liubov M.Lingur
lingurln@rambler.ru
£сша Ольга Геннадпвна / Olga G. Iesina olesas68@mail. ru
Посилання на статтю / Reference a Journal Article:
The information security software in business [Електронний ресурс] /L.N. Lingur, O.G Iesina // Економжа: реалп часу. Науковий журнал. — 2013. — № 5 (10). — С. 175-180. — Режим доступу до журн.: http://www.economics.opu.ua/files/archive/2013/n5.html