One Point. If you know its wrong or illegal & do it anyway (even
though your boss tells you otherwise), you most likely can be held
accountable.
Just ask 'Ollie North'. He should have know selling arms was illegal
(in the manner he did it in), but did it anyway because he indicates
the President 'told him to'. He did not get anything in writing and
he was the one who got pinned on that one. He was just lucky not to
get any jail time.
That's just my observation and opinion.
/Tom
PS. Asking for a written statement/authorization is good, especially
if the statement indicates who is responsible. (i.e. your boss/not
you).
______________________________ Reply Separator _________________________________
Subject: Counterpoint
Author: padgett @
tccslr .
dnet .
mmc .
com (A. Padgett Peterson, P.E. Information
Security) at Internet-Mail
Date: 1/4/ 0 9:34 PM
>Without a written signed clearance from your corporate legal eagle, they have
>absolute deniability. You will be the one who goes to jail, not them.
But then I keep reading about incidents where sysops have been arrested
for things that they claimed they did not know were there and must have
been uploaded by someone else. I am also seeing cases in which employers
are being cited for actions of employees that the employer did not know were
happening and in fact had written policy against.
Fact is that you may be able to get into as much or more trouble for doing
nothing as you would if you do something.
My opinion is:
1) State a position publicly
2) Enforce it
Just make sure your boss knows what you are doing (the old military method
works well: "Unless I receive instructions to the contrary...").
If you don't like that then "Lead, follow, or get the h*ll out of the way."
Warmly,
Padgett
|
|
