> Actually you should assume that everyone is going to steal > data. That's your job. 95% of theft happens from the inside.
It's not my job to assume anything. Our employees are entrusted with knowledge of our data. They work with it every day. They know it better than ANYONE else. Some of our programmers even work from home, using the Dialup service that THEY WANTED, taking source code out of version control, and working on it AT HOME. What's to stop them putting it on their laptop and taking it home with them? Why is this any different to the world of 1976, in a financial office where the Profits Forecast manager takes home a bunch of files in a manilla folder? Why is this any different? He's not stealing, but he could if he wanted to. Why do we entrust our financial controller with the backbone finances of our company? He could easily imbezzle a couple of hundred thousand here and there and cover his tracks, and who'd be the one figuring out how to cover his tracks? Him. Who's responsible when he gets caught? Me? Because I gave him access to our financial data? Or is HE responsible, for performing the criminal act? Sorry my friends, I'm not responsible for that. We have never had a major security breach and if we were to have one, the responsibility would not be on my shoulders. It would be on the employees shoulders, who breached their terms of employment, and on the Management's shoulders for having to deal with it. It is a part of our business that our staff be able to PERFORM THEIR JOB FUNCTIONS, and part of that is being able to grab data from our server and put it on to CD. If they break that code of conduct, they are in the wrong, not me for providing them with the means to do it. If you gave someone a shovel to help you work on paving a new driveway, and then had that person ran around beheading people with it, would you feel responsible?? > If you have ever seen it, you would understand why I said > that. Imagine if you worked for a software company and a > developer burned your entire new product to CD and then sold > it. You know who's fault that is? Yours. Theirs. > You gave him that > ability. By your theory, everyone should have access to > everything, since everyone can be trusted. You are not doing > your job. You are just trying to make things easy on you. I do not give everybody access to everything. They already work with the data they are entrusted with. There is NOTHING stopping anyone from printing out the source code to our latest major project, *OR* emailing the source code to one of their friends. > As for letting a contractor have a burner on your network, > sorry dude, but that's just stupid. The use of the word "Contractor" is a little different to how you might think -- they are independent businesses, but they are more or less employees. They ONLY work for our company, full-time, and it's just their employment arrangement. Most of them have been here many many years, and worked only for us. It's just a habit to call them that. > Burning CD's does take up my time, but its part of my job. I > want it that way. What happens when we need to get a software update out for a site breakdown on Saturday? Two options > -----Original Message----- > From: Adam Smith [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 13, 2002 3:12 PM > To: NT 2000 Discussions > Subject: RE: completely OT > > > > > > That is probably your biggest mistake. Users regardless of who they > > are should never have burners. You have completely thrown > ANY security > > you have right out the window. > > > > IT should always handle the burning of any media. > > This is your opinion, and not something that "should be," as > you put it. > > The availability of CD burners depends largely on the nature > of the business of your company. In my industry, we have at > least 30 contractors who use their own personal laptops. I'm > not going to stop them from using a laptop with a CD burner > in it, because in the nature of my business, there are times > when people need to create CDs: > > - Our technical writers need to burn documentation CDs EVERY DAY. > - Our Programmers and Project Managers need to burn files > that don't fit on Floppy Drive to CDs so they can hand them > over to clients. > - We often supply CAD drawings to clients. > > The Compact Disc is the easiest and most flexible media type > to use, because floppy disk drives have been ancient > technology for far too long. > > When you hire someone, you don't hire them on the priviso > that they are going to steal data, and then make every effort > to stop them. You don't breathe down their necks and say > "We're the Nazi's of computer security, so leave your HaXX0r > Sk1LLz at home!" > > What's the difference between your HR Officer burning a CD > full of data from your "R:\Human Resources" folder, in > comparison to the same person going through the filing > cabinets and photocopying all of the personnel files? There > is no difference. S/he's already privvy to this kind of > information, and if we didn't trust him/her with that > information, they wouldn't be doing the job they are doing. > > > Now mind you -- our HR Officer does NOT have a CD-Burner. > Our Technical Writers do, I do, and a number of other people > do. But I am not here to say that taking away data from work > is wrong; that's a decision to be made by Upper Management. > > > > -- > Adam Smith > IT Officer > SAGE Automation Ltd > > [EMAIL PROTECTED] > http://www.sageautomation.com > > Phone: (08) 8276 0703 > Fax: (08) 8276 0799 > Mobile: 0414 895 273 > > "Computers are like air-conditioners; they don't work when > you open Windows." > > > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 9:06 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > about 40 have burners... PR, heads of unit... > > > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > Sent: 13 May, 2002 5:33 PM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > Your users have burners??? > > That is a HUGE security hole. > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 8:21 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > I want to adapt my firewalls and attachment blocking to > avoid users on > > the domain downloading these things as our blanc CD's and > online times > > are rising too high, and there are rumours that people are swopping > > DVD's hence my question... > > > > -----Original Message----- > > From: Steve Aldred [mailto:[EMAIL PROTECTED]] > > Sent: 13 May, 2002 5:00 PM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > I don't think you will find anyone who will publicly admit > that they > > know how to violate copyright laws. > > > > Steve > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 8:58 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > > > Hi guys, > > > > apparently there is a way to download films off the net and > burn them > > on a CD to be played in a DVD player? Any tips welcome. > > > > K/ > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
