Sunday, April 13, 2003

Pop Quiz Answers

Answers to yesterday's quiz:
  1. Wasn't really a question. Rather, it's more of a suggestion that you familiarize yourself with the people that run your community or place of employment.
  2. Something you are (biometrics), something you have (tokens), something you know (passwords)
  3. Confidentiality, Integrity, Availability
  4. 1) he did not have his ID, was aware of this and did not go get it, 2) he repeatedly attempted to gain entry without it, and 3) he made a public statement when he was refused.

Craig from Compulsive.org basically nailed this one (the question about your Vice Mayor didn't really count).

Historically, security managers have always had problems with those people who feel that rank gives them the privilege to be the exception to the rule. These exceptions should not exist. The "privileged life" is a self-made/self-perpetuating fantasy (actually it's a petty display of power, as in "I'm senior enough that the rules don't apply to me"), and the source of +50% of a security manager's problems (insider abuse).

If an organization is set up correctly, the security manager answers only to the #1 person (the person whose signature is at the bottom of the policy statements) in the organization. Once you start allowing exceptions to any policy, it corrupts the overall impression of that policy, and often leads to large-scale contempt of that policy.

Mr. Ibarra stated that City Hall was a public building. That's incorrect. City Hall is the building where elected officials and public employees work and expect a secure environment to perform that work in. It may be a common belief that a building is public property, but that does not give anyone the automatic "right" of access. The same rules that apply to the person pushing the mop (who actually needs more access to do their job) should apply to the person wielding the pen or gavel (who usually needs access to only 2-4 rooms in the building).
