Security Basics mailing list archives

Re: Security procedure question


From: "Mario A. Spinthiras" <mario () netway com cy>
Date: Tue, 26 Sep 2006 10:51:35 +0300

Henry Troup wrote:
In my opinion, any user not following a company's security policy should be either arrested for possible industrial espionage and/or sabotage of the company. The minimum impact should be his/her dismissal from the company as an employee.

Regards,
Mario A. Spinthiras

Mario,

In the real world, "arrested" isn't going to happen for writing down a
password.  And dismissal requires building a solid paper-trail of
published policies and repeated (at least two) warnings and other
disciplinary acts.  Otherwise the company will lose a wrongful-dismissal
lawsuit, at least in North America.

Extreme statements, like that above, undermine your credibility.

Regards,

Henry Troup
Watchfire Corporation
Suite 300, 1 Hines Rd.
Kanata, ON K2K 3C7 Canada
613-599-3888 x4048


Good morning Henry,

Thank you for your reply, and believe me, feedback on solid issues such as integrity and security is most welcome. I would, though, appreciate tiptoeing on my credibility issues, as this is something that cannot be determined from an email or my statements in my previous posts. This is usually defined as rude behaviour and not professional criticism.

I would, however, like to share with you the concept of enforcing policies I referred to in my previous posts, taking as an example medical science, which is one of our very important practices today.

In a medical science environment you would expect the perfection of its marvel, or the common result is death, improper treatment, etc. Therefore you expect a perfection that would bring a patient back to good health. This example was simply to denote that a close to human perfection is possible. Even doctors make mistakes though.

Down to our real issue...
Users have a concept to remember: "don't write down a password or you are in violation of company policies". That's as easy as 1+1. What good would you do with an ignorant employee? Ignorance is grounds for dismissal.


I think I've made my point, yet we have escaped the boundaries this thread was on, which was originally security methodology within computing, yet some users on this post make it a must to go back to the 1+1 childish stuff. Forgive me, but I am indeed frustrated with wasting time on security 101.

Ignorant employees get fired. Smart ones get promoted. Following rules is grounds for keeping your job. If DON'T WRITE A PASSWORD DOWN is a company policy, North American and beyond, it doesn't matter where you are, you get the boot if you violate policies.


Many Thanks, Have a great day,
Mario A. Spinthiras

