× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-NONTECH
  3. April 2008

RE:

The application in question is not on the AS/400. Otherwise I could have gone in with master security officer, changed password known to someone else, then after person back from hospital, change again. After whoever is on, they can change password to something known only to them.

We have a small staff. Some departments are only one person.

Management had decided in distant past that
* some highly confidential data, related to social security #s, bank routing #s, money we pay various government agencies
* be accessible only by the accounting lady & certain high level managers

Further, the high level managers not learn how to access the data, they passed the buck to the accounting lady. When the doctor said, you have to go to the hospital NOW, not put this off until next week, her boss had been told a month in advance that tests were being done, and that surgery was a possibility.

This is like when I got called for jury duty. I knew a month in advance. I tried to arrange for other people to learn key tasks that I do, in case I got sequestered. The universal refrain was "Al, we too are swamped, can't do this also." The boss said most people who get called for jury duty are only there a day, and even if on the jury, you will not be too tired to put in a few hours each nite, and sequestering is extremely rare, so let's just hope for the best.

He was also hoping the surgery would go well, and the accounting lady would be back soon. Dream on. After a week of tests, the surgery has been postponed 2 weeks. She is now telling the boss that the doctors estimate that it will be 4 to 6 weeks after surgery before she can return to work.

After she was gone to hospital, the boss had me hunt high and low in her office for her written how to instructions how to do certain tasks. She had laid them on his desk. He did not know they were there. I now have a photocopy, which I have suppliemented by trying out various tasks. Ultimately I may have to teach someone else how to do some of these tasks.

Bottom line, even though the corporate owners have a list of people who are allowed to have access to certain data, and the IT guys are not on that list, allowances have to be made in circumstances like this. There is a flaw in the security planning. They are well aware of it. It is not getting fixed. However, we are getting an increase in network capacity, so after that installation completed, I will bring up the issue again.

There's other depts I am less involved with. New QC person comes & shows me a report the prior QC person had ... how do I get this? Turns out the ne new QC person got a new state of art PC, the prior one was demolished for spare parts. It had included software the old QC person had aquired to do the job, that was no place except on the QC person PC.

I think the core problems are that EVERYONE, including management, is swamped with work, and with turnover of top managers, who do not have time for education in the tools we use to do the job, the top managers do not know what THEY are missing, and thus also do not know what their people are missing, so continuing education budget gutted, and over time, the work force knows less and less about what is prudent practices.

In this day and time, why would anyone be allowed to store anything on
their personal hard drive that is business critical? Everyone is our
organization is required to store their work on shared network drives
that are departmentally segregated. No one should ever need another
person's password if data management is handled correctly.


John Arnold
(301) 354-2939


-----Original Message-----
From: Al Mac Wheel
Sent: Monday, April 07, 2008 10:18 PM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: Re:

There's also the burden of proof which person actually made the
programming updates.

We had an employee off sick & needed to get into her PC password.
I think there's a real serious flaw in audit trails when some other
person is in there using the name of the person the PC is normally used
by.
An IT collegue said THIS IS WHY he needs to know everyone's passwords,
and hates my practice of changing master security passwords every few
months.

There's also the issue of code that might be legal at one time in
history.
We write programs based on today reality, then reality changes, and we
nmay be oblivious to what software is affected.
Are the tax rates correctly computed & updated when the tax rates
change?

>I suspect there would be a burden of proof to prove that the programmer

>knew it was a crime, and that he intended to commit a crime. The paper

>trail could become very important in that regard.
>
>
>
>Gary Monnier wrote:
> > I would hope you are correct but, I do not know for certain. If a
> > programmer is directed to write code that violates the law and the
> > code is discovered is the programmer culpable? I suspect the courts

> > would say yes but again, I do not know for certain.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.