Security Basics mailing list archives
Re: Policy Violations
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Sun, 10 May 2009 09:26:14 -0400
As everyone else is saying, this is really a matter for HR and Management. If management doesn't care then there isn't anything for you to do unless the law is being broken in which case it would be unethical to not report it, even if you have to go outside of your management chain. Whether or not it will cost you your job is another question. Is there actually a policy that is being violated? There is a general consensus among most IT/Security folks as to what policy "should be", but in some organizations that policy cannot be found in writing. If there is no written policy, then there is no policy violation. That makes the IT person reporting the supposed violation appear overzealous at best. Steve Mullins On Mon, May 4, 2009 at 10:13 AM, John D <tornado579 () gmail com> wrote:
Hi All, I was just wondering about what are the best practices followed in the organiations when it comes to Policy violations. For E.g. Accessing Adult material from the company resources, engaging in malicious activities etc. Your thoughts are welcome. Thanks in advance. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Policy Violations John D (May 04)
- Message not available
- Re: Policy Violations John D (May 05)
- Message not available
- Re: Policy Violations Stephen Mullins (May 11)
- <Possible follow-ups>
- Re: Policy Violations aaa . bbb (May 05)
- Re: Policy Violations aaa . bbb (May 05)