If They Weren’t Disgruntled Before…

| Working | March 13, 2014

(We’ve picked up a new privacy and security employee. He’s very gung-ho, but seems to lack any real understanding of how things work in IT departments and aims for change just to say that he did something.)

P&S Employee: “So what we need to do is restrict the ability of anyone making changes to the production database so that it is secure.”

Me: “We’ve already locked it down as far as we can logically take it. You can’t remove the access any further without making it impossible for the batch programs to run against the database.”

P&S Employee: “But we need to guard against the possibility of a disgruntled employee making changes.”

Me: “And we’ve done that as far as it can go.”

P&S Employee: “But you could still make a change to the database that wasn’t authorized.”

Me: “As could anyone in the system administrators group or any of the database administrators.”

P&S Employee: “What if we developed a process where you had to have approval to do it?”

Me: “We already seek approval for any changes outside of normal business needs. And even if it is a process, that doesn’t prevent anyone from doing it.”

P&S Employee: “We could switch it out of the developers group and into the business administration group.”

Me: “That wouldn’t work at all. The business administration group doesn’t have the technical knowledge on how to do anything like that. Furthermore, you are expanding the number of people who would have the ability to make changes to the production database. And the business administration group is far more of a disgruntled group than we are.”

P&S Employee: “But if you became disgruntled you could still make changes.”

Me: “Why is it that you think that I’m the one who is going to be disgruntled?”

P&S Employee: “It could happen!”
