Dominic (1) [Avatar] Offline
#1
This bit on P182 about logging
"I anticipated an uncomfortable conversation with upper management, when one of my colleague came to the rescue. The storage limitation had always seemed silly to her. Why store only 90 days of logs when a terabyte hard-drive costs less than a hundred dollars? Without telling anyone, she wrote a script that encrypted and transferred logs to her personal server every day. Her archive went back several years, when our million-dollar enterprise storage only had 90 days!"

I know this is just an example and I admire her self-initiative, but I feel that this might be seen as a good practise. There could've been many eventualities, such as her private repository being hacked and decrypted or her company noticing data going to an unknown end-point and calling the authorities. Many employment contracts specifically disallow this kind of behaviour and in some places could be considered as illegal too.

The story could be altered very slightly to read something like:
"With permission of her line manager several years ago, she wrote a script that encrypted and transferred...."
Julien Vehent (12) [Avatar] Offline
#2
I mentioned this story specifically because it is a gray area, and should force the reader to consider the right and wrong of the situation.

On one hand, nobody had the logs that were badly needed for the situation, and she came to the rescue.

On the other, by doing so, she put company data at risk of leaking, and undermined the security efforts of the organization.

So, which is right, which is wrong? It's hard to say, and depends on the organization. I am not trying to answer it, because I like the idea of every reader asking these questions for themselves.