Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISN] How To Save The Internet

from [Derek Martin] Network Security [Permanent Link]
Subject: Re: [ISN] How To Save The Internet
Date: Wed, 23 Mar 2005 16:47:14 -0500 
On Wed, Mar 23, 2005 at 11:24:14AM -0500, Arndt.WA@forces.gc.ca wrote:

Nonsense. Absurd, ridiculous nonsense.

There is only one party who has any say over what code gets 
executed by a CPU: the owner of that physical property.

Everyone else can go fly a kite.


Hold on. If you're dealing with a large company or government
department, who "physically owns" the computer in question,
you can't tell me that they're going to micromanage exactly
what goes on with that system. They'll delegate the authority
off to someone who'll actually run the equipment. That sounds
like an "*operator* of the CPU" to me...


But the operator, in his professional capacity, is acting as an agent
of the corporation, and has a legal and professional obligation to
make decisions based on what the company has outlined in its policy.
That is, insomuch as he may decide what can or can't be run, he's
acting with the authority of the company, and on behalf of the
company.  In other words, for purposes of deciding what is being run
on the computer, he IS the company.

Many operators are not in a position to make such decisions.  Their
job is only to see that the company's assets are being used in
accordance with company policy.  Failure to do so CAN result in
termination (even if it usually doesn't)...


-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

Attachment: pgpV5SCAt0Lw6.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] RE: [ISN] How To Save The Internet, Michael Wojcik
Next by Date:  RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Scrimsher, John P
Previous by Thread:  [Full-disclosure] RE: [ISN] How To Save The Internet, Arndt . WA
Next by Thread:  [Full-disclosure] RE: [ISN] How To Save The Internet, Nuno Costa
Indexes:  [Date] [Thread] [Top] [All Lists]