He'll plead to negligent discharge of a firearm. Shooting into the air in a suburban neighborhood is dangerous. When you miss, the bullet comes back down somewhere, possibly at speed.
This is a loser of a case. If the annotations are official legal guidance of the state of Georgia then it's not copyrightable. If they're a third-party creation owned by a third party then Georgia has no standing to bring suit. That's for the third-party to do.
Sounds like they're playing fast and loose with the rules.
You misunderstand. Security isn't cow sh** it's bullsh**.
Even better, move all applications to the web, so everything runs on central servers which are much easier to manage and secure than a fleet of personal computers. Give users Chromebooks or another thin client configuration and don't let them install software.
This is presumptuous. You're a security guy. You don't know enough about the myriad and varied work the company's employees do to make birght-line rules about how they must do it. Nor will you with any amount of training.
> All of those things are worthless with a user base that does not respect and actively subverts security.
Framing the situation that way is a mindset that guarantees catastrophic security failure.
Hear hear! The user base doesn't actively subvert security unless security is obtrusive and overbearing. Subverting security is too much effort.
Where are your test systems and test cases?
The truth is, if you are a [life form of any kind], and someone threatens to murder you online, it's overwhelmingly likely that no help is coming, and you're on your own.
There, I fixed it for you.
This state is now making a widespread practice of using the businesses it awards contracts to as staffing agencies, knowing full well that the people coming in are 1099s and receive none of the benefits or protections of regular employees. These contractors are expected to be on site full-time, are not allowed to use their own hardware or software, and are managed alongside, and perform substantially the same work as other, regular employees. This is apparently done to cut costs.
The State has no legal risk here — that rests solely on the businesses it awards contracts to. But given that this particular state takes a hard line against misclassifying employees, this strikes me as profoundly hypocritical.
I am not here to ask for legal advice. Indeed, I have already retained counsel in this matter. Considering additional detail that I won't get into here, Federal law is likely being broken. Since this is also one of the states that have the strict "three prong" test for classifying employees, the State's own law is definitely being broken.
I thought, maybe somebody should say something. But my lawyer's reaction surprised me. He said — this isn't a big deal, you could just go find another client. And you know what? He's right. I could totally do that. Maybe since we in the IT industry tend to be well paid, nobody should care, and there's no reason complain.
I'm not asking for legal advice or a recommendation as to what I should do personally; I'm still forming an opinion on the larger issue here, and I'd like you to share yours.
Clearly a job for openvpn. Split tunnel when you don't want to control Internet access. No split tunnel when you do.
Can't use peer to peer tech without something in the middle to mediate it. That's not an assumption, it's a requirement for a reasonably secure system. Without that approach you're vulnerable to arp hijacking and all manner of related badness.
Requires the sysadmin to implement strong situational awareness. That's not an assumption, it's a requirement for a reasonably secure system.
Daily backups with quick restore. If you don't have this, your network is a time bomb no matter what else you do.
For information loss issues, you partition the network. There's no excuse for time cards bound up in monolithic accounting software where every employee needs to be able to trade packets with the server holding all the employees' SSNs. Any system you can build will leak. Better for those leaks to be droplets rather than a flood.
Or you can do things that are ineffective and crush staff productivity. It'll look good on your resume after the company goes under.
Try applying that same example to money within a company...
Many of the folks you describe have company credit cards, often without fixed spending limits. The accountants even write checks on the company's behalf, often for large sums. Misuse of these privileges leads to discipline and even termination.
The firewall is there because some crap on the Internet is more problematic than other crap on the Internet. Done right, it's a speedbump - it makes the user slow down his rush to reach the problematic site and make a judgement call whether he really needs to go there. Done poorly it's a brick wall -- the user trying to do his job hits his head against it uselessly and hates the IT group with a passion.
Accountability belongs with the individual. IT's job is to facilitate and advise. That includes IT security.
There is no loop here. Your switches should be configured so that one workstation can't send packets to another. Your monitoring system should alert you to an unusual quantity of access on the file shares (a tip off that a virus is active) and your backups should be good enough to restore damaged files after you isolate the workstation that did the damage.
And when the user overrides the web filter, the override should apply to just that site and should warn the user that, "This site was blocked for a reason and your access to it will be logged. Please take care to avoid use that could compromise network security."
A reasonable IT strategy leaves the user in command. It advises when the user wants to do something dangerous and it stands ready to recover when things go sideways.
If a user then causes problems, that's a disciplinary issue for management to resolve, not IT.