Ethics and passwords

Laurent Gharda lgharda at linmin.com
Fri Aug 29 15:55:33 PDT 2008


Hi all,

I'm no sysadmin, but in my years as CEO of software companies, among the
persons I trusted most in my companies were my sysadmins.

I'm shocked at this number and don't believe it. They're blowing smoke to
get attention...

I've had to make tough decisions, including letting people go, and the
sysadmins and HR worked hand in glove to coordinate giving the bad news to
the individuals, and revoking their credentials.

On rare occasions, I've had to let a sysadmin go (once) for performance
reasons (changing and not testing the changes, repeatedly, causing
disruption to my business; not validating backups, etc.), and even then,
there were no issues (all formal and "institutional" knowledge was
communicated), and there were no hard feelings.

I've always thought of sysadmins as attorneys (I mean this in a positive
way!), and feel an implicit "attorney-client" privilege. They are granted
the keys to the kingdom because they can be trusted.  Sysadmins I've known
have the highest code of ethics.

LKG


Laurent Gharda
CEO, www.LinMin.com

-----Original Message-----
From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On Behalf
Of Jennifer Davis
Sent: Friday, August 29, 2008 2:50 PM
To: baylisa at baylisa.org
Subject: Re: Ethics and passwords


 I think we should call out this company for an accounting of what their
survey really consisted of statistically:
http://www.cyber-ark.com/news-events/pr_20080827.asp  They note that
"Note: This survey was conducted at Infosecurity 2008- Europe's largest IT
security event".

Looking at the events information
(http://www.infosec.co.uk/page.cfm/link=13/GoSection=4):
    * 12,176 visitors in 2008
    * UK Visitors - 11,124
    * Overseas Visitors - 1,052
    * Cross over Visitors* - 1,713
    * Press - 283
    * 1212 visitors returned on Day 2 from Day 1, and 976 returned on Day 3
      from Day 2 (total visitors really is 10463)
16% Director Level and Above (1674)
18% IS/IT Management (1883)
11% General Management (1150)
18% Technical Specialists (1883)
2%   Industry Analysts/Press (209)
13% Consultant (1360)
4%   Other (418)
18% Service Desk and IT Support Show Audience/Unspecified (1883)
(my numbers in () and just a guesstimate from above numbers and percentages)

It seriously puts down the profession as _being_ professional and
makes us sound like we are mostly criminals.   It isn't surprising
that the company is associated with "managing" highly sensitive information.
I wonder what product they are trying to sell to help companies deal with
this.

Friends have told me in the past, "Companies lie, don't get worked up about
it.  It's all part of their strategy."  I think it's crap.  I don't want to
do business with companies that lie.  This kind of lie is against the
_profession_ and the people who practice that profession.

Maybe USENIX/SAGE or LOPSA could put together a statistically significant
survey on this subject.

-- 
Jennifer Davis



