I am in a leadership position within my company, and have a strong IT background (managed an AS-400 when mainframes were still around) but no longer have the role of IT management (I have telecom and telecom integration).
The owners of my organization are somewhat naive and trusting with regard to information security and I have some real concerns regarding the security and use of our corporate data.
The IT manager for our organization is an individual with very little formal training in the management of information. He learned networking from reading books and building a network in his house, and his hardware expertise is pretty good. Whenever you ask him a question about applications or networking or honestly anything... this person gets "diarrhea of the mouth" and starts slinging around technical jargon emphasized by terms like "my network". Having over 15 years of industry expertise, however, I have learned "technology as a second language" and speak and converse in it fluently. Much of what he says makes no sense at all and there is little logic to his statements. Quite frankly, I think I scare the crap out of this guy, and he won't let me anywhere near the network. He reports to the CFO of our company, who has absolutely no interest or knowledge of the IT field. Basically, there are no checks and balances, no reports, and no oversight with regard to how he uses the information, or what he does with it.
There have been periods of time when he and I have been at cross-purposes and my Outlook would change viewing methods overnight or my defaults would all be different the morning after I decided to close and lock my door. There was an occasion when I was on vacation last year, in the godforsaken jungle (with a coworker), that I received a read receipt for an e-mail sent to this coworker during the time we were away with nothing but monkeys to grant us access to e-mail. The last time I was away (this past March), he took it upon himself to copy my entire home directory to DVD, and delete it from the server. I do not have a DVD reader on my local PC. When I got in I could not access any of my data and when I asked when it would be made available to me (after several hours of NO response), he said he was eating and he would get to it after lunch (it was a really long lunch that lasted till 4:00 PM). I spent four days exclusively trying to recover this data, but there were lots of recording errors and I have only been able to retrieve 30% of my data. In my opinion NO I.T. PERSON IN THE WORLD SHOULD HAVE THAT MUCH CONTROL or AUTONOMY!
He has VNC loaded on the network and it was loaded locally on my PC several months ago, but I removed it the same day it was installed.
His method of data security is to perform back-ups at midnight, take that tape, and put it into a firesafe (which is only safe up to one hour in a fire). He keeps the most current tapes on-site and after 7 days takes the tapes home to his house and he keeps them there for 6 months.
I AM VERY CONCERNED THAT THIS INDIVIDUAL IS IN CHARGE OF ALL THE DATA FOR MY ORGANIZATION. I NEED TO FIND A WAY TO DELIVER PROOF OF IMPROPRIETY TO THE OWNERS OF MY COMPANY SO THEY WILL AGREE TO HIRE A SECURITY CONSULTING FIRM TO ASSESS OUR NETWORK. If I am wrong or severely paranoid, I will be happy to accept that, but I would rather be wrong than imagine the ramifications if I am right. Do you have any suggestions for me? Or are you all asleep from this book I wrote?