Feeds

BOFH takes a leaf from Captain Kirk's log

New recruit lost on unexplored planet

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Episode 6 It's always the new guy that starts the trouble. OK, that's not entirely true - very occasionally it's the sleeper who's been happily working away in the company for years who suddenly gets his activation signal - but mostly it's the new guys.

"I now know why Kirk always sent the new guy down to visit the unexplored planet," I tell the PFY as I open the latest memo.

"He didn't always send the new guy," the PFY counters, showing some closet trekkie traits.

"But when he did, what happened to the new guy?"

"They usually never came back."

"That's right. Because Kirk could SPOT A TROUBLEMAKER A MILE AWAY!"

"Yes" the PFY says both dryly and doubtfully.

"Ok, pop quiz. There's a new guy in HR with no redundancies to hand out and no pay rises to veto. What's he going to do to make sure that it looks like he's working?"

"Shuffle papers?"

"No, that's a dead giveaway. He's bored and looking for a way to ensure his name's at the top of the list come promotion time...."

"Uh..."

"There are two common ways to distinguish yourself, either a. by having a fantastic innovative idea which makes the company a better place to work in, or b. taking someone down for some petty violation of a policy that's impossible to implement. And if you can combine both by taking down someone who may have massaged a couple of rules regarding personal disclosure, all the better"

"What do you mean?"

I hand the memo over.

"He wants to see our Data Security Policy document, so what?"

"Get it for me will you?"

"Sure, where is it?"

"And THAT is the problem. If you read on, they also want to see our Disclosure to the Media Policy and Personal Privacy Policy Documents."

"So?"

"So we haven't got them. And as contractors we're required to have them available to the company."

"Oh. How come they've never asked before?"

"Because no one cares. Yes, they care about data security and personal privacy, but they don't want to see a policy documents about them - they'd just like to know that we have a code somewhere which we adhere to."

"And the new guy knows we don't have them?"

"Who knows? He might just be good at his job or he could just be a dyed-in-the-hemp privacy loving hippy. We won't know till we go to the meeting."

"Meeting?"

"Yes, meeting. "See," I say, tapping my memo. "You got one of these memos too, as did the contract DBA."

...Later that day...

"Ok, so I've been looking at your policy documents and just have a few questions," the new HR guy says.

"Mmm?"

"For a start, they're all the same."

"Yes, we agreed to combine our efforts to produce the documents."

"Two years ago," the DBA adds - as rehearsed.

"Uh-huh," the HR person comments. "I note that these contracts look a lot like ones available on the internet. In fact, the section on 'Non-disclosure of personal information' happened upon in the course of your work' is word for word the same as found on this website.

"Really? Great minds must just think alike."

"Which would mean that you'd be able to answer questions on a section at random?"

"Uh...not verbatim responses, but the gist of the document, yes."

"So what about >flip< >flip< Section 4 - Non-Disclosure, subsection B: You observe the actions of an employee which may or may not be part of their work during a period of the day which might be personal time. Under what circumstances would it be permissible to communicate these actions to a fellow employee?"

"You mean if someone's probably on work time, probably arsing around - and we see it - could we tell their Boss?" the PFY asks.

"That's one possible interpretation, yes."

"Sure."

"No you can't," the HR geek counters.

"What?"

"You can't communicate it because a. it's potentially their personal time and b. it's potentially unrelated to work. If there's any ambiguity privacy must be maintained."

"It doesn't say that in our document."

"Then I suggest you update your document."

"Ok. >tap< There we go." the PFY says tapping away at his PDA then pointing it at the infrared receiver on the printer in the corner "New revision, coming up."

>Whirr<

. . .

"Yes, that's better" he says. "And one final question - where are the publicly available copies of these documents?"

"Sorry?" I ask, getting a little testy.

"As part of your contract you're required to have copies of these document publicly available for perusal by staff. Not doing so - well, that would be a breach of your contract" he smiles evilly.

...can't...stop...the...voices...

"No problem," I respond. "They're kept in the documents room in the basement."

"Really - how's about I go and check on them now?"

"I...well, it's afternoon tea time - why not?"

...Later, in the basement..

>ring< >ring< >ring< >ring< >ring< >ring<

"Hello?" the HR guy gasps.

"Hi, I just thought I'd see if you'd located those documents?" I ask.

"You're for it! There's no documents down here - just an empty filing cabinet and a phone which won't make outgoing calls."

"Really?" I gasp, going for the shocked reaction.

"And the door handle on this side of the door is broken!"

"Really - I'll pop down and let you out. But wait! You've got the only key!"

"Ring the buildings people."

"Good idea! But wait! You went down there at afternoon tea time."

"So?"

"Well that would potentially be your personal time. I... couldn't tell anyone."

"IT'S NOT MY PERSONAL TIME!!!" the HR geek cries.

"Yeah...but I'm feeling a bit ambiguous about this..."

...

"So how long so we leave him down there before we slip the resignation form under the door?" the PFY asks.

"I'm thinking almost to the drinking-your-own-urine stage..."

"This time tomorrow then?"

"Yeah!" ®

Beginner's guide to SSL certificates

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.