linking INTEGRITY
Integrity - use of values or principles to guide action in the situation at hand.
Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

The risks of insecure firing practices, 4.12.03

Man sentenced for hacking into Web site
Associated Press
PITTSBURGH -- A former employee of American Eagle Outfitters has been sentenced to 1.5 years in U.S. federal prison for posting passwords on-line to the retailer's Web site and orchestrating an Internet attack.
Kenneth Patterson, 38, of Greensburg, must also pay more than $64,000 (U.S.) in restitution as part of his September guilty pleas to password trafficking and computer damage. He could have been sentenced to a maximum 11 years in prison and fined as much as $350,000.
Mr. Patterson's attorney, Martin Dietz, said he was pleased that the judge's sentence was less than prosecutors had been seeking.
'The government tried to blame Ken Patterson for all [American Eagle's] losses,' Mr. Dietz said.
Federal prosecutors said that Mr. Patterson posted user names and passwords for American Eagle users on an Internet hackers' group bulletin board and detailed instructions on how to hack into the company's system after he was fired last year.
Prosecutors said that Mr. Patterson then launched a series of 'denial of service' attacks -- which are intended to hamper or shut down a computer system by flooding it with data -- against American Eagle during the 2002 holiday shopping season.
CLB: Security best practice includes employee hiring and exit processes. In this case, it appears that the American Eagle employee was not fired in a secure manner, and the insecure process resulted in financial losses to the company, and potentially extensive losses to the company's customers. Best practice for securely firing an employee usually involves several departments within an organization working simultaneously to: escort the employee out of the work environment (physical security), conduct an exit interview (HR), remove all digital and physical access (IT security, physical security), appropriately inform sensitive business relationship owners of the employee's status change (manager, marcom), and file all union, legal, and regulatory required paperwork as soon as possible (HR, accounting, legal). Related policies: HR, IT, Marcom, Legal, Privacy.