ABSTRACT
Introduction A business or government agency must confront the risks and opportunities presented by the Internet. Significant security and personnel suitability issues are created when individuals engage in illegal, illicit, and unethical behaviors online. Such behaviors include
◾ Unauthorized release of sensitive, proprietary information, either inadvertently or maliciously
◾ Prohibited acts on work or personal computer systems that have an impact on the enterprise, including criminal and antisocial behavior
◾ Time and attention-intensive personal pursuits that substantially distract individuals from their duties, may expose systems to malicious code, and may usurp information technology (IT) resources, including computer cycles and network bandwidth using the enterprise network
In addition, large quantities of data posted on the Internet may contain references to applicants, employees, contractors, partners, customers, a merger/ acquisition entity, or other individuals who have a relationship with the enterprise. Such references may include information with a material bearing on decision making or that may have a negative impact, such as unauthorized disclosure of proprietary information. The enterprise therefore should create a policy for dealing with Internet investigations by which results must meet all applicable laws and
regulations and withstand possible outside scrutiny.1 These standards do not preclude accessing open-source information, including Internet searching, for authorized purposes other than investigations.
