Security Basics mailing list archives

Re: Policy Violations


From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Sun, 10 May 2009 09:26:14 -0400

As everyone else is saying, this is really a matter for HR and
Management.  If management doesn't care then there isn't anything for
you to do unless the law is being broken in which case it would be
unethical to not report it, even if you have to go outside of your
management chain.  Whether or not it will cost you your job is another
question.

Is there actually a policy that is being violated?  There is a general
consensus among most IT/Security folks as to what policy "should be",
but in some organizations that policy cannot be found in writing.  If
there is no written policy, then there is no policy violation.  That
makes the IT person reporting the supposed violation appear
overzealous at best.

Steve Mullins

On Mon, May 4, 2009 at 10:13 AM, John D <tornado579 () gmail com> wrote:
Hi All,

I was just wondering what the best practices followed in
organizations are when it comes to policy violations, e.g. accessing adult
material from company resources, engaging in malicious activities, etc.

Your thoughts are welcome.

Thanks in advance.
