can anyone help me on this....

dinu23 · 04-03-2006, 08:35 PM

I have a debate on the foolowing scenario:

A manager in a computer facility quit her job and went into business as a consultant.
She had been frustrated because she thought that her employer ignored her many
suggestions for needed improvements, including better security to protect data and
programs stored in a large multi-access computer system. While employed by the
company she had authorised password access to all parts of the system. At
termination, the company did not tell her that she was no longer authorised to use the
system, and did not invalidate her password.
She later returned to the company, offering her consultancy services to assist with
improving computer security. The offer was refused. She then used her knowledge
of the system and her former password to gain access to the computer from her new
office and downloaded large quantities of data and programs for the only purpose of
presenting them to the company to demonstrate to them that their operation was
insecure.

can anyone help me to identify the points I can use to say that this practice is appropriate and not appropriate?

thanks.

benchmark00 · 04-03-2006, 08:52 PM

The issue is largely internal control and who and who should not have access to a companys systems. Off the top of my head (going back to my business degree days) the principles of internal control are: establishment of responsibility, physical, mechanical and electronic controls, segregation of duties, independent internal verification and document procedures.

You can discuss them then talk about ethical behaviour. I take it this is for a business subject?

age_master · 04-03-2006, 09:11 PM

she certainly has a point about their security if employees dont get access revoked on separation

dinu23 · 04-03-2006, 11:16 PM

Quote:

Originally Posted by benchmark00

The issue is largely internal control and who and who should not have access to a companys systems. Off the top of my head (going back to my business degree days) the principles of internal control are: establishment of responsibility, physical, mechanical and electronic controls, segregation of duties, independent internal verification and document procedures.

You can discuss them then talk about ethical behaviour. I take it this is for a business subject?

actually this is for computer ethics. our lecturer came up with this 'brilliant' idea to test us by holding debates on various scenarios.

anyway, thanks for ur help, mate. I'll look up on principles of internal control.

dinu23 · 04-03-2006, 11:19 PM

Quote:

Originally Posted by age_master

she certainly has a point about their security if employees dont get access revoked on separation

indeed. anyway, why would she want to help them if they rejected her ideas in the first place. she should have stayed home, relax and let some hacker ruin that company.

cpr · 05-03-2006, 09:09 AM

My personal interpretation of it.

Quote:

Originally Posted by dinu23

. At termination, the company did not tell her that she was no longer authorised to use the system, and did not invalidate her password.

I think it should be implied that on termination of contract, all rights and priveledges in the original contract are terminated with it. So the right to use the system is removed as soon as the contract ends. Although the company is acting carelessly, it is still acting in a appropriate manner (the password might be deleted at a date more convenient for the company, explaining why its left on for the time being)

Quote:

Originally Posted by dinu23

She later returned to the company, offering her consultancy services to assist with
improving computer security. The offer was refused. She then used her knowledge
of the system and her former password to gain access to the computer from her new
office

The company has declined her help. They have made a conscious decision not to allow her to improve security. Also when they told her she is not to help, they have declined her access to their computers for the purpose of upgrading security. therefore if any debate about her right to use her password still hung in the balance, it should be solved now. Therefore she has no right to ignore the companies request and use the companies system when they have told her she cannot, and is acting completely inappropriately, and i dare say outside the bounds of the law.

Quote:

Originally Posted by dinu23

and downloaded large quantities of data and programs for the only purpose of
presenting them to the company to demonstrate to them that their operation was
insecure.

Still her actions are inappropriate, despite the attempt to explain them. The appropriate way for her to act would be to list what she could do. Present it clearly to the company without actually doing it, and let them decide the best course of action. She should not force the companies hand or disregard the wish of the system owners

squeakyclean · 05-03-2006, 09:12 AM

The fact that she's a woman is incredibly inappropriate. Females do not belong in the workplace.

sledger · 05-03-2006, 09:16 AM

then where do they belong ?

squeakyclean · 05-03-2006, 09:20 AM

In the kitchen cooking me dinner, or in the hospital birthing my children. Women are objects.

sledger · 05-03-2006, 09:23 AM

what kind of objects?

squeakyclean · 05-03-2006, 09:25 AM

Barely animate objects.

James · 05-03-2006, 12:27 PM

Quote:

Originally Posted by squeakyclean

In the kitchen cooking me dinner, or in the hospital birthing my children. Women are objects.

We've given you countless warnings and you continue to just try and cause trouble...

Bye!

vic_orthdox · 05-03-2006, 09:08 PM

Quote:

Originally Posted by squeakyclean

In the kitchen cooking me dinner, or in the hospital birthing my children...

...or for consoling you after you get banned from an internet forum...

dinu23 · 06-03-2006, 03:28 AM

Quote:

Originally Posted by cpr

My personal interpretation of it.

I think it should be implied that on termination of contract, all rights and priveledges in the original contract are terminated with it. So the right to use the system is removed as soon as the contract ends. Although the company is acting carelessly, it is still acting in a appropriate manner (the password might be deleted at a date more convenient for the company, explaining why its left on for the time being)

The company has declined her help. They have made a conscious decision not to allow her to improve security. Also when they told her she is not to help, they have declined her access to their computers for the purpose of upgrading security. therefore if any debate about her right to use her password still hung in the balance, it should be solved now. Therefore she has no right to ignore the companies request and use the companies system when they have told her she cannot, and is acting completely inappropriately, and i dare say outside the bounds of the law.

Still her actions are inappropriate, despite the attempt to explain them. The appropriate way for her to act would be to list what she could do. Present it clearly to the company without actually doing it, and let them decide the best course of action. She should not force the companies hand or disregard the wish of the system owners

some valuable info. there. Thanks mate.

PY · 06-03-2006, 04:03 AM

Quote:

Originally Posted by vic_orthdox

...or for consoling you after you get banned from an internet forum...

Cool kid.

04-03-2006, 08:35 PM	#1 (permalink)
dinu23 International Debutant Join Date: Nov 2004 Location: Colombo,Sri Lanka Posts: 2,199	can anyone help me on this.... I have a debate on the foolowing scenario: A manager in a computer facility quit her job and went into business as a consultant. She had been frustrated because she thought that her employer ignored her many suggestions for needed improvements, including better security to protect data and programs stored in a large multi-access computer system. While employed by the company she had authorised password access to all parts of the system. At termination, the company did not tell her that she was no longer authorised to use the system, and did not invalidate her password. She later returned to the company, offering her consultancy services to assist with improving computer security. The offer was refused. She then used her knowledge of the system and her former password to gain access to the computer from her new office and downloaded large quantities of data and programs for the only purpose of presenting them to the company to demonstrate to them that their operation was insecure. can anyone help me to identify the points I can use to say that this practice is appropriate and not appropriate? thanks.

04-03-2006, 09:11 PM	#3 (permalink)
age_master Hall of Fame Member Join Date: Nov 2001 Location: Sydney, NSW, Australia Posts: 15,777	she certainly has a point about their security if employees dont get access revoked on separation __________________ Member of CW Green Kerry O'Keefe - Worlds funniest Commentator

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

05-03-2006, 09:12 AM	#7 (permalink)
squeakyclean Banned Join Date: Nov 2005 Location: Camelford, Cornwall Posts: 91	The fact that she's a woman is incredibly inappropriate. Females do not belong in the workplace.

05-03-2006, 09:16 AM	#8 (permalink)
sledger Spanish_Vicente Join Date: Aug 2004 Location: cricsim, lol Posts: 28,129	then where do they belong ?

05-03-2006, 09:20 AM	#9 (permalink)
squeakyclean Banned Join Date: Nov 2005 Location: Camelford, Cornwall Posts: 91	In the kitchen cooking me dinner, or in the hospital birthing my children. Women are objects.

05-03-2006, 09:23 AM	#10 (permalink)
sledger Spanish_Vicente Join Date: Aug 2004 Location: cricsim, lol Posts: 28,129	what kind of objects?

05-03-2006, 09:25 AM	#11 (permalink)
squeakyclean Banned Join Date: Nov 2005 Location: Camelford, Cornwall Posts: 91	Barely animate objects.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)