Security Basics mailing list archives

RE: New workplace security measures. Are they usual?


From: "Boyd, Chad" <CBoyd () madden com>
Date: Tue, 20 Jul 2010 15:44:03 +0000

As an admin myself, I'd like to chime in on a few things:


"I'm two levels below the CEO..."
It sounds like you're either in a position of power, or very close to one. If you suspect that the IT staff are doing 
something unethical, I'd suggest that you contact the manager of their department, or higher if need be. There's no 
point speculating if you can just go ask someone. I'm certain that they will have a somewhat reasonable explanation as 
to why things are the way they are.

"It's probably safest to assume that any communication on an employer-owned pc is NOT private."
Absolutely! While I can understand to a point how a user of our systems may feel like they have some "ownership" of the 
data on their machine, the fact is that the company bought the servers, software, systems and connectivity. They are 
paying you to "produce" while on the clock. In essence, they own the little 1's and 0's on their disks because they 
paid you to put them there. If they wouldn't let you take that computer home with you if you quit or were fired, then 
it's not your data. (and even if they did let you take the system, they should back it up for their records and DBAN the 
heck out of the drive first)

"...but what if I discuss the recruitment or dismissal of some personal, the purchase of expensive equipment or other 
sensitive matters?"
If you really believe that your IT staff has the time to screw around on the network and dig into the files of the 
employees, then they must have a LOT of time on their hands. I work in a rather small shop (4 IT folks for about 400 
people) and I think that we're tasked with enough daily work and projects to keep us very busy. Again, if you have a 
problem with the IT department, take this concern to the manager, CIO or higher. Maybe if you're worried, others are 
too, but no one is speaking up.

"In my new workplace, they recently implemented severe security measures..."
How long have you been working there? Perhaps this plan was in the works for a long time and the project just happened 
to kick off shortly after you started working there. In addition to what others have said about a recent audit or a new 
CISO, maybe the company just got a new client that requires stricter security.

"Maybe I should reformulate the question to address how can we trust the informatics personal"
No offence, but that isn't your job. If you have concerns, take that to the manager or CIO, because they are 
responsible for hiring people that they can trust. If the CEO is yelling at someone, it's not going to be some peon 
that replaces toner cartridges, it's going to be the guy/gal that hired him/her.

"changed all the BIOS and administrator passwords, protected the computers from case-opening, limited all the Windows 
accounts."
I see nothing here that is out of the ordinary. Short of protecting computers from case opening, we do all of the above 
and it has been standard practice at the last 3 places I have worked.

"and I'm concerned because I believe they can fake any file, document or even email as if I had wrote them."
I won't lie. Any halfway decent Admin can do all of this. I also have the ability to go out into the parking lot, put a 
brick through my boss's window and pee in his car.
Just because someone CAN do something, doesn't mean that they will.
