My 2 cents on this issue, we do all the cd burning for all the stated reasons - plus - we maintain of database of what is on the various cd's AND an offsite copy.
When we burn a cd to go to a client or for a data archive, we burn 2 (or 3) identical cd's. One for the client, one for storage onsite and one for offsite. They have standardized labels and a naming convention. On a regular basis, we will check out a cd and the user will loose it. Well, we just copy the offsite copy (I do it on my home machine). Also, an end user will say "I need the archive from the so-and-so project, I don't know where it was or when it was done or any filenames or who the project manager was but I have this hardcopy of a cad drawing (etc, etc), can you find it for me". Well, lo and behold - we have a database indexed by folder, client, pm, date and project name and project number - here you go. Also, we have an AUP with the legalese in place. Devin L. Meade, CNE, MCP Network Administrator Frankfurt-Short-Bruza www.fsb-ae.com <http://www.fsb-ae.com> -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 9:40 PM To: NT 2000 Discussions Subject: RE: completely OT If someone burned a whole project to CD and sold it too a company, would I be held responsible? No. Would I feel responsible, yes, and everyone would feel that way too because you were dumb enough to give users whatever they wanted to make them feel good and make less work for you. You're preaching to the choir here. Your job isn't to make everyone feel good about themselves that they are empowered to do whatever they want. Your 1st and foremost job is to the integrity and security of that companies data. Any less is negligence. We don't live in 1976 anymore. Corporate theft is HUGE. Companies are hiring people 100% dedicated to network and data security. These are 6 figure positions because people steal and companies lose billions every year. It happens in your company, and it happens in mine. Our job is to keep it to a minimum. You think those programmers that code at home check every bit of data in and then delete it from their computers? Hell no. They keep it. That way they can reuse it at another job, or put it in their resume. Can you stop that? Not really. But you are making things too easy. I have been burned, TWICE. It isn't going to happen three times. You will be too and the day you have to sit in a meeting while an employee is fired and then watch an attorney make him sign a paper allowing you to go to his home to audit his computer, or he will be arrested, you will feel different. -----Original Message----- From: Adam Smith [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 6:57 PM To: NT 2000 Discussions Subject: RE: completely OT > Actually you should assume that everyone is going to steal > data. That's your job. 95% of theft happens from the inside. It's not my job to assume anything. Our employees are entrusted with knowledge of our data. They work with it every day. They know it better than ANYONE else. Some of our programmers even work from home, using the Dialup service that THEY WANTED, taking source code out of version control, and working on it AT HOME. What's to stop them putting it on their laptop and taking it home with them? Why is this any different to the world of 1976, in a financial office where the Profits Forecast manager takes home a bunch of files in a manilla folder? Why is this any different? He's not stealing, but he could if he wanted to. Why do we entrust our financial controller with the backbone finances of our company? He could easily imbezzle a couple of hundred thousand here and there and cover his tracks, and who'd be the one figuring out how to cover his tracks? Him. Who's responsible when he gets caught? Me? Because I gave him access to our financial data? Or is HE responsible, for performing the criminal act? Sorry my friends, I'm not responsible for that. We have never had a major security breach and if we were to have one, the responsibility would not be on my shoulders. It would be on the employees shoulders, who breached their terms of employment, and on the Management's shoulders for having to deal with it. It is a part of our business that our staff be able to PERFORM THEIR JOB FUNCTIONS, and part of that is being able to grab data from our server and put it on to CD. If they break that code of conduct, they are in the wrong, not me for providing them with the means to do it. If you gave someone a shovel to help you work on paving a new driveway, and then had that person ran around beheading people with it, would you feel responsible?? > If you have ever seen it, you would understand why I said > that. Imagine if you worked for a software company and a > developer burned your entire new product to CD and then sold > it. You know who's fault that is? Yours. Theirs. > You gave him that > ability. By your theory, everyone should have access to > everything, since everyone can be trusted. You are not doing > your job. You are just trying to make things easy on you. I do not give everybody access to everything. They already work with the data they are entrusted with. There is NOTHING stopping anyone from printing out the source code to our latest major project, *OR* emailing the source code to one of their friends. > As for letting a contractor have a burner on your network, > sorry dude, but that's just stupid. The use of the word "Contractor" is a little different to how you might think -- they are independent businesses, but they are more or less employees. They ONLY work for our company, full-time, and it's just their employment arrangement. Most of them have been here many many years, and worked only for us. It's just a habit to call them that. > Burning CD's does take up my time, but its part of my job. I > want it that way. What happens when we need to get a software update out for a site breakdown on Saturday? Two options > -----Original Message----- > From: Adam Smith [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 13, 2002 3:12 PM > To: NT 2000 Discussions > Subject: RE: completely OT > > > > > > That is probably your biggest mistake. Users regardless of who they > > are should never have burners. You have completely thrown > ANY security > > you have right out the window. > > > > IT should always handle the burning of any media. > > This is your opinion, and not something that "should be," as > you put it. > > The availability of CD burners depends largely on the nature > of the business of your company. In my industry, we have at > least 30 contractors who use their own personal laptops. I'm > not going to stop them from using a laptop with a CD burner > in it, because in the nature of my business, there are times > when people need to create CDs: > > - Our technical writers need to burn documentation CDs EVERY DAY. > - Our Programmers and Project Managers need to burn files > that don't fit on Floppy Drive to CDs so they can hand them > over to clients. > - We often supply CAD drawings to clients. > > The Compact Disc is the easiest and most flexible media type > to use, because floppy disk drives have been ancient > technology for far too long. > > When you hire someone, you don't hire them on the priviso > that they are going to steal data, and then make every effort > to stop them. You don't breathe down their necks and say > "We're the Nazi's of computer security, so leave your HaXX0r > Sk1LLz at home!" > > What's the difference between your HR Officer burning a CD > full of data from your "R:\Human Resources" folder, in > comparison to the same person going through the filing > cabinets and photocopying all of the personnel files? There > is no difference. S/he's already privvy to this kind of > information, and if we didn't trust him/her with that > information, they wouldn't be doing the job they are doing. > > > Now mind you -- our HR Officer does NOT have a CD-Burner. > Our Technical Writers do, I do, and a number of other people > do. But I am not here to say that taking away data from work > is wrong; that's a decision to be made by Upper Management. > > > > -- > Adam Smith > IT Officer > SAGE Automation Ltd > > [EMAIL PROTECTED] > http://www.sageautomation.com > > Phone: (08) 8276 0703 > Fax: (08) 8276 0799 > Mobile: 0414 895 273 > > "Computers are like air-conditioners; they don't work when > you open Windows." > > > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 9:06 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > about 40 have burners... PR, heads of unit... > > > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > Sent: 13 May, 2002 5:33 PM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > Your users have burners??? > > That is a HUGE security hole. > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 8:21 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > I want to adapt my firewalls and attachment blocking to > avoid users on > > the domain downloading these things as our blanc CD's and > online times > > are rising too high, and there are rumours that people are swopping > > DVD's hence my question... > > > > -----Original Message----- > > From: Steve Aldred [mailto:[EMAIL PROTECTED]] > > Sent: 13 May, 2002 5:00 PM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > I don't think you will find anyone who will publicly admit > that they > > know how to violate copyright laws. > > > > Steve > > > > -----Original Message----- > > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 8:58 AM > > To: NT 2000 Discussions > > Subject: RE: completely OT > > > > > > > > Hi guys, > > > > apparently there is a way to download films off the net and > burn them > > on a CD to be played in a DVD player? Any tips welcome. > > > > K/ > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
