Bad IT People

It's going to happen. Someone, somewhere, is going to deliberately compromise security and abuse their position as an administrator. Hopefully it doesn't happen at your company, but the longer you are in IT, the better chance you have of being around when a "security DR event" occurs.

This article talks about IT people going bad, and it happens more often than we hear about. Many companies don't want to disclose these types of events, and it's possible one happened in your organization already.

This is nothing new. In every industry in which I've worked there have been people that take advantage of loopholes in systems and processes to engage in criminal activity. I have had liquor stolen from bars and lumber from a warehouse. We can't prevent all of these activities, and companies know this. Usually there is a line in your accounting system that marks these losses as some cost of doing business.

As with many external hacking issues, companies are likely to try and prevent anyone from finding out about these activities outside of the company. That's not a great solution for anyone, since often these employees are let go and hired by the next company who has no idea what the person they just hired has done.

You shouldn't participate in these activities, and you ought to turn in those that do. However I know many people find that harder to do when confronted by this situation. At the very least, if you turn a blind eye, don't help prolong a bad IT person's career in this business. Don't give them any sort of recommendation, and don't include them in your personal network in any way.

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Lockdown or Let Them Free

by Steve Jones

SQLServerCentral.com

Editorial

Do we take security too far? Are we creating unnecessary rules for those that need to use the resources we support? Steve Jones talks today about security and how we might want to approach it when handling rights for developers.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

4.5 (2)

You rated this post out of 5. Change rating

2014-06-27 (first published: 2009-09-21)

217 reads

Discuss

Placing a Value on Data

by Steve Jones

SQLServerCentral.com

Editorial

What's your stolen data worth? It might be worth investigating, as Steve Jones suggests. Then you'll know how much you should be spending to protect it.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2009-08-05

66 reads

Discuss

The Danger of Algorithms

by Steve Jones

SQLServerCentral.com

Editorial

What problems occur because of the algorithm chosen to generate data? A new report says that social security numbers in the US can be predicted. Steve Jones has a few warnings about what algoriothms you choose.

★ ★ ★ ★ ★ ★ ★ ★ ★ ★

You rated this post out of 5. Change rating

2014-04-28 (first published: 2009-07-27)

326 reads

Discuss

Administering Securely

by Steve Jones

SQLServerCentral.com

Editorial

A common request is how can you secure SQL Server data and prevent the system administrator from viewing data. Steve Jones talks a little about the issue and how you can handle it.