The "Rogue Admin" Case Will Be Very Expensive

I again commend Paul Venezia on his thorough, accurate, timely and thoughtful coverage of the Terry Childs Case. Here is Paul’s latest on the case.

Paul points out that the legal precedent used to dismiss 3 of the 4 charges against Terry Childs should have also applied to the 4th charge. He points out that this could “harm password security” because the 4th charge remains.

If the remaining charge is convictable, then computer administrators will be much more likely to divulge passwords. Nobody wants to be jailed for denying access. Beyond the ordinary social engineering types of password requests, there might be a new level of social engineering demands. The phrase “You don’t want to be jailed, so give me the passwords or I will call the police” comes to mind. That wouldn’t work everywhere, but if in the course of your job erring on the wrong side of security and access could get you jailed, you might be much more likely to err on the side of access.

That adds risk. To manage that risk and ensure security, additional processes, policies and procedures will be needed. If Childs is convicted, those additional steps, the additional piles of policies, processes and procedures, will cost everyone because they will touch every facet of information management. Even if you don’t work in networking or security, you probably have online banking access, you may pay bills online, and you probably access email, utility bills, magazines, and many other resources. Even if you don’t do those sorts of things online, the companies that you deal with do.

Consider the cost in the same way you might consider weight – Information Technology is ingrained in and flows through business like blood cells in blood vessels in the body. If you add an additional fraction of an ounce to every blood cell, or even every 5th blood cell, you would weigh more. Every step would require moving that additional weight. Given the parameters of the Terry Childs case, at this point, whether he is convicted or not, ALL information technology resources will likely have additional levels of inefficiency added to protect security while simultaneously protecting the people who provide the security. Maybe an additional $1 fee here or there won’t add up when you pay it – but across businesses that touch everyone’s lives, this is going to be very, very expensive.


