Must not have to deal with any auditors at many levels in that company.
"Wintermute, Sharon" <Sharon.Wintermute@xxxxxxxxxxxxxxxm>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
08/12/2008 11:38 AM
Please respond to: Midrange Systems Technical Discussion <midrange-l@midrange.com>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc:
Subject: RE: How do you manage your QSECOFR profile and other Q profiles?
And your company is willing to live with this? Amazing.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Al Mac Wheel
Sent: Tuesday, August 12, 2008 9:54 AM
To: Midrange Systems Technical Discussion
Subject: Re: How do you manage your QSECOFR profile and other Q profiles?
In summary, we have a mess.
Top management does not get involved unless there is a crisis of some kind, so consequently we do not have a security policy, just some rules passed down from current and former managers.
The guy who fixes stuff outside the 400 ... he would be happy if no one ever changed any passwords.
Me, I think passwords should be changed
(a) in association with turn-over of key employees
(b) more often, because sometimes before key people are known to be leaving, they could be plotting
and I believe there should be systems in place where people's passwords are stored in such a way that in an emergency authorized company personnel can get into co-worker stuff ... I am now moving towards the notion that this should be managed by HR, because historically, that dept personnel has been the most serious about managing confidential data.
A recent mess:
A key employee SUDDENLY left due to medical emergency.
One day at work, next day in hospital.
She handled all contact with customers & vendors in association with accounting for cash payments, checks, invoices, etc. and she did our payroll.
No one wants to bother her with work questions, just send her get well cards & like that.
She is now recovering, very slowly, on medical leave, return unknown.
In the early days:
We can't get into her voice mail from customers, vendors, government, God knows all
We can't get into her e-mail.
We can't get into bank lock box.
There was also a problem with payroll, but HR lady had alternate way in to resolve that.
From one perspective, I am happy her security is better than I thought it was.
The fact that there was all this stuff we could not get into said that some outsider probably also could not get in.
We have long lost admin documentation associated with company phone system.
Ok, we contact the bank & get the password changed to what another employee will use.
The company network guy does something with her e-mail backup.
After a month, I am given access to her e-mail, to resolve certain types of e-mail traffic.
God, for every good e-mail, she gets 10 spam.
I try to have a conversation with the e-mail manager about spam viruses and the spyware risk to key employees doing things like bank lockbox, but he will only say
"Al, everyone gets spam, get over it."
Well at home, thanks to KNUJON, I have eliminated 99% of my spam ... I now get maybe 1 spam for every 100 good e-mails. No one believes me at the office about this. They have all given up on fighting spam, except me. It is like before Y2K, sometimes I have to keep my mouth shut to avoid undermining my credibility, when everyone has a different belief system than me.
After 2 months, someone gets access to her phone mail.
Hi Al,
<snip>
When someone's PC goes bananas, someone has to do tech support on it.
Or someone off sick & we need into their stuff.
That IT repair person has a master directory of the passwords used by all co-workers to get onto company network, 400, e-mail, pin # for phone messages, the whole 9 yards, to facilitate that tech support.
I have seen that master list laying around in plain sight on IT co-worker desks.
<snip>
How do you get their passwords for their email and network? Are they required to send you a message whenever they change their password, and if so, how do you enforce this?
Thanx,
Nick
Nick Radich
Sr. Programmer/Analyst
EPC Molding, Inc.
Direct (320) 679-6683
Toll free (800) 388-2155 ext. 6683
Fax (320) 679-4516
nick_radich@xxxxxxxxxxxxxx
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.