Channel: Jay Heiser » Policy
Browsing all 10 articles

Yes, we CAN be arrested

Earlier this week, the Guardian reported the arrest of Mark Hanna, News International’s head of security.  While details are vague, it appears to be the case that the UK justice system is accusing him...




It is against our policy to commit sabotage

A significant number of enterprise IT policies include some sort of prohibition against the use of computer viruses, interference with the network, and other forms of deliberate harm.  Is it really the...


You may not write down unmemorizable passwords

I frequently see end user policies that contain the following two elements: (1) Passwords must be so complex that they cannot be guessed. (2) Passwords may not be written down. This is almost a model case of...


SaaS is a Simon Says World

When you buy SaaS, you get what is written on the box.  Well, you get what is written on the virtual box. That text may consist of page after page of dense legalese that puts a higher level of emphasis...


Has ‘you must obey the law’ ever actually worked?

It's not that I am categorically against the idea of law, but I am convinced that your typical corporate counsel is more motivated by personal convenience than by a sense of organizational proportion. I...



Do Your Lawyers Actually Know What the Law Is?

It is only Wednesday, and already I’ve reviewed at least 3 different policies that require employees to obey applicable laws. This is not just self-evident—it's a professional cop-out. Somebody doesn’t...


Why today’s stock market is inherently unreliable

If you wanted to sabotage a trading system, you might set out to design suicide mechanisms that look very much like today’s automated trading mechanisms.  Blaming Knight Capital’s screwed pooch on...


Including, but not limited to

Any time your internal policies include the lawyerly language “Includes, but not limited to…”, it should be a sign that somebody needs to reexamine the text.  This is often a sort of cop out, an...



Hack back, jack?

It would be the rare soul indeed, who, after spending hours or even days cleaning up from a hack, didn’t feel the strong red rage of revengeful urges. And how many PC owners or site managers, still...



Why do you classify?

Gartner clients have a lot of questions about the topic of data classification. It is a primary concept that has long been enshrined in the canon of computer security, yet in practice, it remains a...
