
BOFH takes a leaf from Captain Kirk's log

New recruit lost on unexplored planet


Episode 6 It's always the new guy that starts the trouble. OK, that's not entirely true - very occasionally it's the sleeper who's been happily working away in the company for years who suddenly gets his activation signal - but mostly it's the new guys.

"I now know why Kirk always sent the new guy down to visit the unexplored planet," I tell the PFY as I open the latest memo.

"He didn't always send the new guy," the PFY counters, showing some closet trekkie traits.

"But when he did, what happened to the new guy?"

"They usually never came back."

"That's right. Because Kirk could SPOT A TROUBLEMAKER A MILE AWAY!"

"Yes," the PFY says both dryly and doubtfully.

"Ok, pop quiz. There's a new guy in HR with no redundancies to hand out and no pay rises to veto. What's he going to do to make sure that it looks like he's working?"

"Shuffle papers?"

"No, that's a dead giveaway. He's bored and looking for a way to ensure his name's at the top of the list come promotion time...."

"Uh..."

"There are two common ways to distinguish yourself, either a. by having a fantastic innovative idea which makes the company a better place to work in, or b. taking someone down for some petty violation of a policy that's impossible to implement. And if you can combine both by taking down someone who may have massaged a couple of rules regarding personal disclosure, all the better."

"What do you mean?"

I hand the memo over.

"He wants to see our Data Security Policy document, so what?"

"Get it for me will you?"

"Sure, where is it?"

"And THAT is the problem. If you read on, they also want to see our Disclosure to the Media Policy and Personal Privacy Policy Documents."

"So?"

"So we haven't got them. And as contractors we're required to have them available to the company."

"Oh. How come they've never asked before?"

"Because no one cares. Yes, they care about data security and personal privacy, but they don't want to see policy documents about them - they'd just like to know that we have a code somewhere which we adhere to."

"And the new guy knows we don't have them?"

"Who knows? He might just be good at his job or he could just be a dyed-in-the-hemp privacy loving hippy. We won't know till we go to the meeting."

"Meeting?"

"Yes, meeting. See," I say, tapping my memo. "You got one of these memos too, as did the contract DBA."

...Later that day...

"Ok, so I've been looking at your policy documents and just have a few questions," the new HR guy says.

"Mmm?"

"For a start, they're all the same."

"Yes, we agreed to combine our efforts to produce the documents."

"Two years ago," the DBA adds - as rehearsed.

"Uh-huh," the HR person comments. "I note that these contracts look a lot like ones available on the internet. In fact, the section on 'Non-disclosure of personal information happened upon in the course of your work' is word for word the same as found on this website."

"Really? Great minds must just think alike."

"Which would mean that you'd be able to answer questions on a section at random?"

"Uh...not verbatim responses, but the gist of the document, yes."

"So what about >flip< >flip< Section 4 - Non-Disclosure, subsection B: You observe the actions of an employee which may or may not be part of their work during a period of the day which might be personal time. Under what circumstances would it be permissible to communicate these actions to a fellow employee?"

"You mean if someone's probably on work time, probably arsing around - and we see it - could we tell their Boss?" the PFY asks.

"That's one possible interpretation, yes."

"Sure."

"No you can't," the HR geek counters.

"What?"

"You can't communicate it because a. it's potentially their personal time and b. it's potentially unrelated to work. If there's any ambiguity privacy must be maintained."

"It doesn't say that in our document."

"Then I suggest you update your document."

"Ok. >tap< There we go," the PFY says, tapping away at his PDA then pointing it at the infrared receiver on the printer in the corner. "New revision, coming up."

>Whirr<

. . .

"Yes, that's better," he says. "And one final question - where are the publicly available copies of these documents?"

"Sorry?" I ask, getting a little testy.

"As part of your contract you're required to have copies of these documents publicly available for perusal by staff. Not doing so - well, that would be a breach of your contract," he smiles evilly.

...can't...stop...the...voices...

"No problem," I respond. "They're kept in the documents room in the basement."

"Really - how's about I go and check on them now?"

"I...well, it's afternoon tea time - why not?"

...Later, in the basement...

>ring< >ring< >ring< >ring< >ring< >ring<

"Hello?" the HR guy gasps.

"Hi, I just thought I'd see if you'd located those documents?" I ask.

"You're for it! There's no documents down here - just an empty filing cabinet and a phone which won't make outgoing calls."

"Really?" I gasp, going for the shocked reaction.

"And the door handle on this side of the door is broken!"

"Really - I'll pop down and let you out. But wait! You've got the only key!"

"Ring the buildings people."

"Good idea! But wait! You went down there at afternoon tea time."

"So?"

"Well that would potentially be your personal time. I... couldn't tell anyone."

"IT'S NOT MY PERSONAL TIME!!!" the HR geek cries.

"Yeah...but I'm feeling a bit ambiguous about this..."

...

"So how long do we leave him down there before we slip the resignation form under the door?" the PFY asks.

"I'm thinking almost to the drinking-your-own-urine stage..."

"This time tomorrow then?"

"Yeah!" ®
