Re: Policy Enforcement

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Fri, 26 Mar 2010 13:34:17 EDT, Scott Sweren said:
> - How did you get the authority to impose the sanctions?

Sometimes, the best sanctions are the ones somebody else imposes.

A number of years ago, we had a high-profile incident on campus, where
an ISP's DNS server got hacked and a website redirected to a hacked machine
on campus.  Of course, this meant that within 3 or 4 hours, the hard drive
of the on-campus machine ended up in an evidence bag. The machine had gotten
hacked because a professor had specifically told the grad student admin'ing
the machine not to waste time patching, and the box of course got pwned by
a hack that had a patch available.

So the professor goes to the department chair to get $$ to replace the
hard drive (which at that time was still a pretty sizable chunk of change).
The department chair told the professor "No, this was your screw-up, it's
coming out of your budget".

Randy's office was *swamped* with requests for awareness training for the
next few months.  Nobody else wanted to have that talk with their department
chair. :)

Attachment: _bin
Description: