Sales Guy v. Web Guy

This video is actually quite amusing and worth the 10 minutes out of any one's busy schedule even if you are not much of a computer guys, as I am. One of the first policy violations that I noticed while watching the clip was the users misuse of the computer by downloading and playing video games. Company policies usually state that employees are not to use the computers for anything non-work related, basically referring to surfing the web, but especially not playing halo at work. This poses as a distraction to the employee, as it was in the clip and I am not sure or not, but I think downloaded software such as these games can unleash viruses or malware into the computer posing a potential security threat.

Another policy violation, is when chip asks the user to reboot the server because that's what they did yesterday. And the guy actually reboots it for him without even verifying who hes talking to, what department, or anything that could validate him being a legitimate employee. The user who rebooted the server should have known better and at least asked for some credentials or checked with his boss, who would have told him not to reboot the server because they then need to power off to boot it on. After the web guy reboots the server he then gets yelled at from his boss because he sent an email out clearly explaining not to. So web guy goes into his bosses sent mailbox on his work email and deletes the message so it looks like he never sent it to web guy. This is basically non-repudiation, which is the concept of ensuring that a party in a dispute cannot repudiate, or refute the validity of a statement or contract. Web guy also shows a lack of integrity here and is not a trustworthy employee. Web guy is violating company policies and breaching the security system by accessing other user's emails. This is a major violation and he could potentially be fired for performing something like this if he were to get caught. There must be some way security program to block employees from doing this otherwise this would be a recurring incident and a major problem. And on top of it all, web guy blames the sales guy for the whole mess because he told him to reboot the system in the first place.

I noticed that when web guy sent someone down to the server room to physically reboot the server he was reviewing the security cameras. I am not sure what company policy is or who is suppose to review the cameras, but I know that where I work the only employees allowed access camera footage is the security department and of course the top executives. If I remember correctly, web guy is neither and I don't think he should have access or be reviewing those cameras. He might have access or he might be hacking into the security system to see the cameras, which I am sure is against company policy, a security breach, and maybe even a computer crime.

One last policy/security violation that I noticed was the web guys violation of confidentiality and authorization when he signed onto, chip, the sales guy's computer desktop. First of all the sales guy was stupid enough to give web guy his password and asset key, but web guy should have never asked him for it in the first place. He has no right to observe whats on his desktop and its not up to him to determine what right and wrong considering all of the policy violations that he committed in only 10 minutes. Web guy then access sales guy's desktop from his and proceeds to close out programs, open programs, mess with sales guy's icons and even manages to take a picture of his desktop, which I find to be a huge security violation. He could essentially take pictures of all his data and send them to anywhere, which I didn't even know was possible. Every viewing this clip it's actually pretty cool to see how amazing some people really are with these computers and the extremes that they are capable of. I am sure that this may be baby stuff compared to real computer geniuses, but this is astonishing to me and very interesting. This goes to show you that you can't trust any employee and that a secure computer security system must be priority within any company if that organization wants to keep information confidential and remain successful.