Security Basics mailing list archives
RE: New workplace security measures. Are they usual?
From: "Boyd, Chad" <CBoyd () madden com>
Date: Tue, 20 Jul 2010 15:44:03 +0000
As an admin myself, I'd like to chime in one a few things: "I'm two levels below the CEO..." It sounds like you're either in a position of power, or very close to one. If you suspect that the IT staff are doing something unethical, I'd suggest that you contact the manager of their department, or higher if need be. There's no point speculating if you can just go ask someone. I'm certain that they will have a somewhat reasonable explanation as to why things are the way they are. "It's probably safest to assume that any communication on an employer-owned pc is NOT private." Absolutely! While I can understand to a point how a user of our systems may feel like they have some "ownership" of the data on their machine, the fact is that the company bought the servers, software, systems and connectivity. They are paying you to "produce" while on the clock. In essence, they own the little 1's and 0's on their disks because they paid you to put them there. If they wouldn't let you take that computer home with you if you quit or were fired, then it's not your data. (and even if they did let you take the system, they should back it up for their records DBAN the heck out of the drive first) "...but what if I discuss the recruitment or dismissal of some personal, the purchase of expensive equipment or other sensitive matters?" If you really believe that your IT staff has the time to screw around on the network and dig into the files of the employees, then they must have a LOT of time on their hands. I work in a rather small shop (4 IT folks for about 400 people) and I think that we're tasked with enough daily work and projects to keep us very busy. Again, if you have a problem with the IT department, take this concern to the manager, CIO or higher. Maybe if you're worried, others are too, but no one is speaking up. "In my new workplace, they recently implemented severe security measures..." How long have you been working there? Perhaps this plan was in the works for a long time and the project just happened to kick-off shortly after you started working there. In addition to what others have said about a recent audit or a new CISO, maybe the company just got a new client that requires stricter security. "Maybe I should reformulate the question to address how can we trust the informatics personal" No offence, but that isn't your job. If you have concerns, take that to the manager or CIO, because they are responsible for hiring people that they can trust. If the CEO is yelling at someone, it's not going to be some peon that replaces toner cartridges, it's going to be the guy/gal that hired him/her. "changed all the BIOS and administrator passwords, protected the computers from case-opening, limited all the Windows accounts." I see nothing here that is out of the ordinary. Short of protecting computers from case opening, we do all of the above and it has been standard practice at the last 3 places I have worked. "and I'm concerned because I believe they can fake any file, document or even email as if I had wrote them." I won't lie. Any halfway decent Admin can do all of this. I also have the ability to go out into the parking lot, put a brick through my bosses window and pee in his car. Just because someone CAN do something, doesn't mean that they will. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- New workplace security measures. Are they usual? securityfocus (Jul 19)
- Re: New workplace security measures. Are they usual? Andy Colson (Jul 19)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 19)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- RE: New workplace security measures. Are they usual? Boyd, Chad (Jul 20)
- RE: New workplace security measures. Are they usual? securityfocus (Jul 20)
- RE: New workplace security measures. Are they usual? Erik Soosalu (Jul 20)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 20)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? Marc-André Laverdière (Jul 21)
- <Possible follow-ups>
- Re: New workplace security measures. Are they usual? tim (Jul 19)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 21)
- RE: New workplace security measures. Are they usual? Murda (Jul 21)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? daniel . diaz (Jul 19)