[sclug] sclug Digest, Vol 93, Issue 12

Neil Haughton haughtonomous at googlemail.com
Tue Jun 21 18:40:12 UTC 2011


Hi Jacqui,



> ---------- Forwarded message ----------
> From: Jacqui Caren-home <jacqui.caren at ntlworld.com>
> To: sclug at sclug.org.uk
> Date: Tue, 21 Jun 2011 11:19:06 +0100
> Subject: Re: [sclug] Locking down
> On 21/06/2011 08:42, Neil Haughton wrote:
>
>>  A policy (we have one anyway) and logging is going to be no use in the
>> scenario my seniors are trying to hedge against: that is, the willful and
>> secretive absconding with the source code. For example, our policy clearly
>> prohibits 'inappropriate' website access, yet a long serving and very
>> trusted member of staff was sacked a year or so ago for downloading some
>> pretty salacious stuff in his lunchbreaks. Okay, there was no harm to the
>> business in that (apart from the nasty virus he inadvertently introduced to
>> the intranet) but it shows the paradox that you can't be certain that the
>> people you trust are trustworthy.
>>
>
> I am not sure the above makes a lot of sense. Employees have value to the business.
> A "bit of stupidity" by an employee could lead to dismissal but you say the damage
> to the business was negligible. If what he did was illegal then the police should have
> been called in.
>



>
> I dislike the "management by fear" handbook - and "making an example of him" is
> self defeating in the long term as the sort of staff you want to attract will
> start to avoid you, leading to the hire of less and less reliable/loyal staff.
>
> Jacqui
>

It was child pornography, the real thing. And the police were called in. And
my guess is that there are very few businesses who would continue to employ
someone engaged in such activities on their premises, if only to avoid
suggestions of complicity. Now I'm as liberal as the next person and firmly
believe that one's private life is not one's employer's business, but if an
employee at the same time explicitly breaks both his conditions of contract
and the law, I don't see that dismissing him/her is 'management by fear'.
Let's get real.



> p.s. If you are that worried about theft of code, you should start with the cleaners.
> All it takes is a few 20 minute sessions to get into most networks unless you have
> draconian security - monitored full site CCTV, physically secured desktop systems,
>

Our cleaners are nice young Polish girls. It is unlikely that they are even
aware of what they could pinch, apart from the fact that they are rarely
there alone.

None of which detracts from the central point that I am well aware that a
sufficiently skilled and determined team could breach any security that we
care to put up (you could nick the Crown Jewels if you set your mind to it,
not to mention the US gold reserves), but what my employers would like to
achieve is to make it so damn difficult that it would take such
a sufficiently skilled and determined team, considerable planning, and a lot
of luck.

Or as John has mentioned, they could go open source - but I just can't see
that happening.

> shielded/caged walls and windows, personal lockers for staff and pat downs etc.
>
> I worked for Cray and their old building had shielded exterior walls and "gilded"
> windows, cctv, physical security (no pat downs but Marconi used to selectively pat
> down staff) but Cray cleaning staff still managed to crash desktop systems (by
> accident I may add).
>
> Also I doubt source code is that valuable - I could probably re-code half the projects
> I have worked on the past 15 or so years from scratch - probably better second time around
> at much lower cost. Algorithms, concepts and hidden "shortcuts" which are now in staff's
> noggins are usually the most valuable things to lose.
>
>

You probably could - but would you? And how long would that take? This is
30 man-years' work. Even doing it at 5 times the speed second time round
(and what makes you think you could do it faster than the original
developers without the spec and current code?) means that it would take you
6 years. Let me know when you're done. :-)

Neil.


