Henry Troup wrote:
To my opinion, any user not following a company's security policy
should be either
arrested for possible industrial espionage and/or sabotage of the
company. The minimum
impact should be his/her dismissal from the company as an employee.
Regards,
Mario A. Spinthiras
Mario,
In the real world, "arrested" isn't going to happen for writing down a
password. And dismissal requires building a solid paper-trail of
published policies and repeated (at least two) warnings and other
disciplinary acts. Otherwise the company will lose a wrongful-dismissal
lawsuit, at least in North America.
Extreme statements, like that above, undermine your credibility.
Regards,
Henry Troup
Watchfire Corporation
Suite 300, 1 Hines Rd.
Kanata, ON K2K 3C7 Canada
613-599-3888 x4048
Goodmorning Henry,
Thank you for your reply and believe me feedback on solid issues such as
integrity and security are most welcome. I would though apreciate
tiptoe-ing on my credibility issues as this is something that cannot be
determined from an email or my statements in my previous posts. This is
usually defined as rude behavious and not professional criticism.
I would however like to share with you the concept on enforcing policies
I referred to in my previous posts - taking example medical science
which is one of our very important practices today.
In a medical science envirconment you would expect the perfection of
it's marvel , or the common result is death , improper treatment , etc..
Therefore you expect a perfection that would bring a patient back to
good health. This example was simply to denote that a close to human
perfection is possible. Even doctors make mistakes though.
Down to our real issue...
Users have a concept to remember "dont write down a password or you are
in violation of company policies" . Thats as easy as 1+1 . What good
would you do with an ignorant employee? Ignorance is grounds for dismissal..
I think ive made my point yet we have escaped the boundaries on which
this thread was on which was originally security methodology within
computing , yet some users on this post make it a must to go back to the
1+1 childish stuff. Forgive me but I am indeed frustrated with wasting
time on security 101.
Ignorant employees get fired. Smart ones get promoted. Following rules
is grounds for keeping your job. If DONT WRITE A PASSWORD DOWN is a
company policy , North American and beyond , it doesnt matter where you
are , you get the boot if you violate policies.
Many Thanks, Have a great day,
Mario A. Spinthiras
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
