Security Basics mailing list archives
Re: Policy Violations
From: aaa.bbb () ccc com
Date: Mon, 4 May 2009 13:49:41 -0600
It depends ... Yah, I know that answer sucks, but it is the only one possible. It depends on the constraints you are under. Legal and contract constraints are the 2 main ones. Some countries have employment legislation that specifically limits what you can do. Or your actions could be limited by terms of a union contract.

That being said, typically there is provision for increasing intensity of actions. Verbal reprimand by immediate manager, verbal and recorded in personnel record reprimand, suspension (paid or unpaid) and termination. These graduated sanctions would be applied for "minor" violations, giving the offender the opportunity to reform. However, there would also be specific violations that would lead to sanctions higher up on the scale or even immediate termination. The current common example of a "termination" violation is the people who have been fired for unauthorized access to sensitive personal information, i.e. Health and Passport records.

Typically, an overall Information (computer) Security Policy would describe the range of sanctions that could be applied. Then in specific policies you would include a phrase along the lines of "Violations of this policy will result in sanctions up to and including termination" or "Violations of this policy will lead to immediate termination" to make the point absolutely clear for specific firing policy violations.

Sometimes the sanctions will be specified, or strongly suggested, for you by legislation, i.e. HIPA, or by public perception as in the lately revealed cases of snooping in politicians' or prominent people's private information.