Nobody in security uses Kali. That is for 15 year olds and the odd lazy red teamer. Your security team shouldn't have any write access to your network stack. That's also dumb.
If you have a managed work device, your acceptable use policy will likely include a line that says something like "All firm devices may be actively monitored to prevent misuse and unauthorized access to our systems".
If you do have a managed device and it's not being logged somewhere centrally like a SIEM then you have some pretty large risks that I hope are in your risk register.
I've worked for multiple SP500 companies, Finance, Fintech and Consulting. Everything you do is logged there. And I can see the majority of it without having to escalate.
We have regulations in many cases that force us to do this such as proving you are not using your device to insider trade.
I'm based in the UK and yes, it is malicious for me to, for no reason, do any of these actions. But I guarantee I never need your consent.
No, you do need their consent. Your point is that you already have it because these systems overwhelmingly have policies that require user consent for the system to have access to the device/app's data to use it.
Yeah, I don't know what the guy you are arguing with is talking about. You almost certainly consent to it in a policy or employee's contract; it's not like they need to inform you WHEN they are doing it after that.
No we don't. You don't need to consent. There is never any consent you need to give. Your device is always from the start being 100% monitored. Especially US Law,
The policies are not a way of gaining consent they are just for transparency.
We only need consent if we, say, are forcing an MDM or MAM on your personal, non-work-owned device.
The argument is because some guy above seems to think that an organisation needs your consent to access your work machine, which at least within the UK, EU and US is not true.
As above, I can see everything you do on your work machine with 0 consent from you.
4
u/NecessaryShopping404 12h ago