
BOFH takes a leaf from Captain Kirk's log

New recruit lost on unexplored planet


Episode 6 It's always the new guy that starts the trouble. OK, that's not entirely true - very occasionally it's the sleeper who's been happily working away in the company for years who suddenly gets his activation signal - but mostly it's the new guys.

"I now know why Kirk always sent the new guy down to visit the unexplored planet," I tell the PFY as I open the latest memo.

"He didn't always send the new guy," the PFY counters, showing some closet trekkie traits.

"But when he did, what happened to the new guy?"

"They usually never came back."

"That's right. Because Kirk could SPOT A TROUBLEMAKER A MILE AWAY!"

"Yes," the PFY says both dryly and doubtfully.

"Ok, pop quiz. There's a new guy in HR with no redundancies to hand out and no pay rises to veto. What's he going to do to make sure that it looks like he's working?"

"Shuffle papers?"

"No, that's a dead giveaway. He's bored and looking for a way to ensure his name's at the top of the list come promotion time...."

"Uh..."

"There are two common ways to distinguish yourself, either a. by having a fantastic innovative idea which makes the company a better place to work in, or b. taking someone down for some petty violation of a policy that's impossible to implement. And if you can combine both by taking down someone who may have massaged a couple of rules regarding personal disclosure, all the better."

"What do you mean?"

I hand the memo over.

"He wants to see our Data Security Policy document, so what?"

"Get it for me will you?"

"Sure, where is it?"

"And THAT is the problem. If you read on, they also want to see our Disclosure to the Media Policy and Personal Privacy Policy Documents."

"So?"

"So we haven't got them. And as contractors we're required to have them available to the company."

"Oh. How come they've never asked before?"

"Because no one cares. Yes, they care about data security and personal privacy, but they don't want to see policy documents about them - they'd just like to know that we have a code somewhere which we adhere to."

"And the new guy knows we don't have them?"

"Who knows? He might just be good at his job or he could just be a dyed-in-the-hemp privacy loving hippy. We won't know till we go to the meeting."

"Meeting?"

"Yes, meeting. See," I say, tapping my memo. "You got one of these memos too, as did the contract DBA."

...Later that day...

"Ok, so I've been looking at your policy documents and just have a few questions," the new HR guy says.

"Mmm?"

"For a start, they're all the same."

"Yes, we agreed to combine our efforts to produce the documents."

"Two years ago," the DBA adds - as rehearsed.

"Uh-huh," the HR person comments. "I note that these contracts look a lot like ones available on the internet. In fact, the section on 'Non-disclosure of personal information happened upon in the course of your work' is word for word the same as found on this website."

"Really? Great minds must just think alike."

"Which would mean that you'd be able to answer questions on a section at random?"

"Uh...not verbatim responses, but the gist of the document, yes."

"So what about >flip< >flip< Section 4 - Non-Disclosure, subsection B: You observe the actions of an employee which may or may not be part of their work during a period of the day which might be personal time. Under what circumstances would it be permissible to communicate these actions to a fellow employee?"

"You mean if someone's probably on work time, probably arsing around - and we see it - could we tell their Boss?" the PFY asks.

"That's one possible interpretation, yes."

"Sure."

"No you can't," the HR geek counters.

"What?"

"You can't communicate it because a. it's potentially their personal time and b. it's potentially unrelated to work. If there's any ambiguity privacy must be maintained."

"It doesn't say that in our document."

"Then I suggest you update your document."

"Ok. >tap< There we go," the PFY says, tapping away at his PDA then pointing it at the infrared receiver on the printer in the corner. "New revision, coming up."

>Whirr<

. . .

"Yes, that's better," he says. "And one final question - where are the publicly available copies of these documents?"

"Sorry?" I ask, getting a little testy.

"As part of your contract you're required to have copies of these documents publicly available for perusal by staff. Not doing so - well, that would be a breach of your contract," he smiles evilly.

...can't...stop...the...voices...

"No problem," I respond. "They're kept in the documents room in the basement."

"Really - how's about I go and check on them now?"

"I...well, it's afternoon tea time - why not?"

...Later, in the basement...

>ring< >ring< >ring< >ring< >ring< >ring<

"Hello?" the HR guy gasps.

"Hi, I just thought I'd see if you'd located those documents?" I ask.

"You're for it! There's no documents down here - just an empty filing cabinet and a phone which won't make outgoing calls."

"Really?" I gasp, going for the shocked reaction.

"And the door handle on this side of the door is broken!"

"Really - I'll pop down and let you out. But wait! You've got the only key!"

"Ring the buildings people."

"Good idea! But wait! You went down there at afternoon tea time."

"So?"

"Well that would potentially be your personal time. I... couldn't tell anyone."

"IT'S NOT MY PERSONAL TIME!!!" the HR geek cries.

"Yeah...but I'm feeling a bit ambiguous about this..."

...

"So how long do we leave him down there before we slip the resignation form under the door?" the PFY asks.

"I'm thinking almost to the drinking-your-own-urine stage..."

"This time tomorrow then?"

"Yeah!" ®
