How to Cheat at Managing Information Security

Chapter 4: Information Security Laws and Regulations

Overview

The purpose of this chapter is to:

  • Provide a brief overview of U.K. legislation regarding information security

  • Provide a brief overview of U.S. legislation regarding information security

Anecdote

A renowned white-hat hacker joined my team to replace the management fop who occupied the position of chief penetration tester. The new team member had previously worked for a small consultancy of no consequence and small reputation. I told him to bring along anyone he thought was good, but either the fop grassed on us or the conversation was overheard.

A few days later, an e-mail accusation of a hacking attempt, allegedly by my new guy trying to gain access to his previous employer s system, arrived at HR through a friend of a friend of a friend of the HR manager s boyfriend. Within seconds, it was possible to dispel the claim because:

  • The target system was owned by an ISP mate of my new employee. He rallied to the cause with an open-ended invite, in writing, proving no malfeasance.

  • The evidence demonstrated obvious hacking activity but no breach of law.

  • Best of all, the law enforcement agency my new guy was working for on his first engagement provided a statement that he was in no position to undertake these activities at the stated time.

In anyone s book, it was a trumped-up charge. But we were dealing with HR _the land minds forgot. My new employee was suspended, pending a hearing, along with a comment from the HR director that evidence from such...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Human Resources Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.