Copyright Goodheart-Willcox Co., Inc. 846 Computer Service and Repair members. Remember, the company goal is to repair all the customers’ computers, not just the ones assigned to you that particular day. Dealing with Prohibited Content or Activity When a technician services and repairs a computer or is maintaining a network system, he or she may encounter prohibited content or prohibited activity. It is the technician’s responsibility to report all illegal activity and content to his or her immediate supervisor, and in some cases, directly to law enforcement. Prohibited content and activity can be any one of numerous activities and content. A few examples include anything illegal, malicious, harassing, invasive of personal privacy, libelous, pornographic, off ensive, and infringes on copyright. Keep in mind this is not an exhaustive list. A good rule of thumb is to report anything you think could be prohibited or illegal content. It is not just the data or the network system at risk of being compromised. Organizations can be held responsible for the actions of their employees or members of the organization. For example, if harassing e-mails are discovered and no action is taken, the victim may choose to retain an attorney and fi le a lawsuit claiming he or she has been forced to work in a hostile work environment. If the company has not taken any corrective actions, it can be held legally responsible for the actions of the employee creating and distributing the harassing e-mails. Any person engaged in a prohibited activity or dealing in prohibited content can be issued a written reprimand for the off ense, be fi red by his or her employer, or, in some cases, prosecuted for criminal activity. Th e following is a list of common prohibited activities and content. However, this is not a complete list of all prohibited activities and content. ■ Engaging in illegal activities such as gambling ■ Distributing spam ■ Soliciting or distributing personal information ■ Collecting information from a minor ■ Engaging in harmful, malicious, or harassing activity or discriminating against, bullying, or humiliating other people ■ Accessing a person’s computer or area of a network without authorization ■ Interfering with or interrupting a network service ■ Intentionally uploading viruses or other malicious programs Companies, schools, and governmental agencies often include a long sample list in their company conduct or policy books. Additionally, most organizations have policy and procedure books that detail how a security incident is to be handled and provide examples of forms that must be completed for any incident that occurs. Th e procedure for handling incidents can be broken down into three general steps: 1. Identify precisely what happened when an unauthorized activity or prohibited material was discovered. 2. Write a complete detailed description of the incident and the procedures you followed. 3. Document the chronological order of the handling of evidence from the time it is fi rst discovered until it reaches trial or conclusion. A security event form can be used for the fi rst step and possibly the second step of the procedure. See Figure 24-11. If additional information must be documented and the security event form does not provide enough space, additional written docu- mentation can be added to the form. 1002: 4.6 TECH TIP When you use your employer’s equipment, such as computers and the network system, you no longer have the right to privacy as you do when using your computer at home. Employers have the right to monitor employee activities on the company computer as well as the network system.