what kind of company cant access one of its corporate laptops after an employee/contractor has left and been using it. I wouldnt be giving my password to anyone.
-
-
The password might well be something unmemorable like ApxR5%j4x and held e.g. in some password container app on a phone.Originally posted by Boo View PostDown with racism. Long live miscegenation!Comment
-
How are you expected to give them the password?
Can you validate with 100% certainty the person requesting the credentials is not an imposter or an internal security risk themselves?
Do you have confirmation in writing that this has been signed off at the top of the food chain & by HR? Do you have this on letterhead paper delivered by secure courier and in a sealed document stamped with the company seal?
If so then sure, go for it. If not consider a company that does not have a policy that allows them to access to an asset laptop once you have left, does not have an adequate security policy and you may take the heat at a later date.Comment
-
Bit of common sense is needed here.Originally posted by clearedforlanding View Post
If the agent is asking for it you don't give it to them. However you should have got on well enough with the client so you can phone them up and give them the password. After you have done that you just contact the agent and state you have already given it to the client pointing out it's a breach of the client's security to give it to them."You’re just a bad memory who doesn’t know when to go away" JRComment
-
Surely if Windows AD is in use, they could simply have a sysadmin reset your password to whatever they want? I've seen that done in the past where contractors have departed with a less than adequate handover (e.g. give me your pass then go forth and multiply).The greatest trick the devil ever pulled was convincing the world that he didn't existComment
-
OP didn´t. He ran for the hills after a couple of weeks. OPSEC is OPSEC, common sense doesn´t come in to it. I would only recommend to responding to requests for AAA that comply with best industry practice and have a paper trail.Originally posted by SueEllen View PostComment
-
-
Fine then an email to the agent pointing out he can't give the details as it would be a breach of the client's security policy and goes against standard industry security practice is in order.Originally posted by clearedforlanding View Post"You’re just a bad memory who doesn’t know when to go away" JRComment
-
FTOriginally posted by SueEllen View Post
I would omit the would be a breach of the client's security policy and, unless he has a copy of the client's security policy in hand and has signed it and can quote the specific clause. For all we know recovering password for access to laptops that may contain their IP may be policy.
Less equals more in this scenario. If there is a reply from the client contesting this, then a copy of the policy that he signed can be requested and the appropriate clause highlighted by the client. -I doubt the matter would go any further.Last edited by clearedforlanding; 29 February 2016, 18:29.Comment
-
In my last few contracts I was sent the clients' security policy before getting on site.Originally posted by clearedforlanding View Post"You’re just a bad memory who doesn’t know when to go away" JRComment
Comment