× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2008

RE: How do you manage your QSECOFR profile and other Q profiles?

And your company is willing to live with this? Amazing.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Al Mac Wheel
Sent: Tuesday, August 12, 2008 9:54 AM
To: Midrange Systems Technical Discussion
Subject: Re: How do you manage your QSECOFR profile and other Q
profiles?

In summary, we have a mess.
Top management not get involved unless there is a crisis of some kind,
so
consequently we do not have a security policy, just some rules passed
down
from current and former managers.

The guy who fixes stuff outside the 400 ... he would be happy if no one
ever changed any passwords.

Me, I think passwords should be changed
(a) in association with turn-over of key employees
(b) more often, because sometimes before key people are known to be
leaving, they could be plotting

and I believe there should be systems in place where people passwords
stored in such a way that in an emergency authorize company personnel
can
get into co-worker stuff ... I am now moving towards the notion that
this
should be managed by HR, because historically, that dept personnel has
been
the most serious about managing confidential data.

A recent mess:
A key employee SUDDENLY left due to medical emergency.
One day at work, next day in hospital.
She handled all contact with customers & vendors in association with
accounting for cash payments, checks, invoices, etc. and she did our
payroll.

No one wants to bother her with work questions, just send her get well
cards & like that.
She now recovering, very slowly, on medical leave, return unknown.

In the early days:
We can't get into her voice mail from customers vendors government, God
knows all
We can't get into her e-mail.
We can't get into bank lock box.
There was also a problem with payroll, but HR lady had alternate way in
to
resolve that.

From one perspective, I am happy her security is better than I thought
it was.
The fact that there was all this stuff we could not get into said that
some
outsider probably also could not get in.

We have long lost admin documentation associated with company phone
system.

Ok, we contact the bank & get the password changed to what another
employee
will use.
The company network guy does something with her e-mail backup

After a month, I am given access to her e-mail, to resolve certain types
of
e-mail traffic.
God, for every good e-mail, she gets 10 spam.
I try to have a conversation with the e-mail manager about spam viruses
and
the spyware risk to key employees doing things like bank lockbox, but he

will only say
"Al, everyone gets spam, get over it."
Well at home, thanks to KNUJON, I have eliminated 99% of my spam ... I
now
get maybe 1 spam for every 100 good e-mails. No one believes me at the
office about this. They have all given up on fighting spam, except me.
It
is like before Y2K, sometimes I have to keep my mouth shut to avoid
undermining my credibility, when everyone has a different belief system
than me.

After 2 months, someone gets access to her phone mail.

Hi Al,


snip>
When someone's PC goes bananas, someone has to do tech support on it.
Or someone off sick & we need into their stuff.
That IT repair person has a master directory of the passwords used by
all
co-
workers to get onto company network, 400, e-mail, pin # for phone
messages,
the whole 9 yards, to facilitate that tech support.
I have seen that master list laying around in plain sight on IT
co-worker
desks.
<snip>

How do you get their passwords for their email, and network. Are they
required to send you a message whenever they change their password, and
if
so, how do you enforce this?





Thanx,

Nick



Nick Radich
Sr. Programmer/Analyst
EPC Molding, Inc.
Direct (320) 679-6683
Toll free (800) 388-2155 ext. 6683
Fax (320) 679-4516
nick_radich@xxxxxxxxxxxxxx
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.