How to Cheat at Managing Information Security

The purpose of this chapter is to:
Provide a brief overview of U.K. legislation regarding information security
Provide a brief overview of U.S. legislation regarding information security
A renowned white-hat hacker joined my team to replace the management fop who occupied the position of chief penetration tester. The new team member had previously worked for a small consultancy of no consequence and small reputation. I told him to bring along anyone he thought was good, but either the fop grassed on us or the conversation was overheard.
A few days later, an e-mail accusation of a hacking attempt, allegedly by my new guy trying to gain access to his previous employer s system, arrived at HR through a friend of a friend of a friend of the HR manager s boyfriend. Within seconds, it was possible to dispel the claim because:
The target system was owned by an ISP mate of my new employee. He rallied to the cause with an open-ended invite, in writing, proving no malfeasance.
The evidence demonstrated obvious hacking activity but no breach of law.
Best of all, the law enforcement agency my new guy was working for on his first engagement provided a statement that he was in no position to undertake these activities at the stated time.
In anyone s book, it was a trumped-up charge. But we were dealing with HR _the land minds forgot. My new employee was suspended, pending a hearing, along with a comment from the HR director that evidence from such...