Originally posted by jmo21
View Post
- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Collapse
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:
- You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
- You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
- If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Logging in...
Previously on "Informing mgt their security is leakier than Luisa Zissman's fanny rag"
Collapse
-
-
Is it an exploit that someone outside the organisation could attack/prove?
If so, pass it to a security company and let them expose it.
The you get the best of both worlds, ethical part done, but safeguarding your contract should any snidey management take a disliking to you.
I've been reading Troy Hunt for a while, he's a security expert who "outs" companies with insecure websites
Leave a comment:
-
You could always just be nice and go ahead and fix the problem for them and tell no one. Of course, you wouldnt get any recognition, extension and most likely be fired for working on an unauthorised project/system but it would solve the problem of "As a professional in my field of work, do I or don't I write an email or should I first grow a pair"
Leave a comment:
-
The answer should be report it up the food chain and carry on billing however there is the usual politics and blame culture to handle in the senior management team. So you need to balance the email so that you don't get your manager/client shot. If is was me I would draft the email warts and all then send it to the manager that owns the responsibility and ask him to help you phrase it for his bosses consumption. then work on the draft together till they are us happy that you have not screwed them that way they get to take the credit for working with you to identify the issues and raise their game rather than becoming a C-levels Lunch for fun.
Most businesses that have these issues, have them because the C-Levels don't see a need to care about it or rather are more interested in other pressures than firewalls and bad coding.
Leave a comment:
-
Originally posted by vetran View Postas DaveB said.
Write a professional email highlighting the issues and their possible impact
Dude, we've like totally got a problem with our data security. It’s like people could find out about the babes n stuff and that would be like most most heinous. If that happens I’d be like, “dude, i totally told you this would happen” and you’d be like “no way!” and I’d be like “way!”
Leave a comment:
-
Luisa Zissman?
Someone gonna tell me of am I going to have to google that?
Leave a comment:
-
Originally posted by Gym beast View PostConundrum....
A) Righteously email management, which creates a electronic chain of evidence that by definition MUST be pursued, whipping up some discontent, risking antagonising HE WHO SIGNS MY TIMESHEETS, or;
B) Drop a quiet word in the meeting room, knowing full well if I tell them verbally, nothing will be done, then walk offsite in a few months with much fatter pockets, but knowing a big brand name who are in the business of safeguarding lives can't even completely safeguard their data?
WWYD ???
Either way unless you know exactly what you are talking about you are heading for hot water, I would do neither, I would have a quite word with InfoSec team and raise it to them, they will assess the actual risk as is their job, and if they raise it to management it will carry more weight than some contractor.
Leave a comment:
-
as DaveB said.
Write a professional email highlighting the issues and their possible impact with rough idea of cost. Suggest if possible a solution and rough idea of cost & benefits.
there are plenty of good studies out there from people like Gartner / Forrester covering most common security issues. pick some nice scary & appropriate graphs.
the key point if their is a legal side is you reported it, saves you being the fall guy if the company gets caught.
Leave a comment:
-
Originally posted by DaveB View PostThe key to getting management on board with security issues is to point how how it will either *save* them money if they fix it, or *cost* them money if they don't.
You have to couch it in business terms they will understand and see as relevant to them. Just telling them that they have a technical vulnerability in an application relating to a buffer over flow leveraging a cross site scripting exploit (or whatever the problem is) will not get them to take notice, even if they are the IT manager or Director. It will just irritate them.
You can also throw in the upcoming changes to legislation coming from Europe that will mean increased accountability for data security, introduce legal requirements to report data loss incidents with 24 hours and introduce new sanctions against those that fail to protect information appropriately.
Full review from a Specialist legal firm here: https://www.slaughterandmay.com/medi...ion-reform.pdf there are lots more if you look for them, all saying the same thing.
Email them the problem, the consequences, and, if you have one, the solution.
Couched professionally it should be rewarded rather than punished: and if it is the latter then walk.
My reputation and conscience would make it the only way to go - especially, as you intimate you don't want to stay there anyway.
Leave a comment:
-
Post the information anonymously on the 'net and see the company sink, serves them right
Leave a comment:
-
Originally posted by Pogle View PostWith your frankly bizzare thread title and use of the word 'dude', i can only assume you're a pillock or a 15 year old boy.
Leave a comment:
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- Reports of umbrella companies’ death are greatly exaggerated Yesterday 10:11
- A new hiring fraud hinges on a limited company, a passport and ‘Ade’ Nov 27 09:21
- Is an unpaid umbrella company required to pay contractors? Nov 26 09:28
- The truth of umbrella company regulation is being misconstrued Nov 25 09:23
- Labour’s plan to regulate umbrella companies: a closer look Nov 21 09:24
- When HMRC misses an FTT deadline but still wins another CJRS case Nov 20 09:20
- How 15% employer NICs will sting the umbrella company market Nov 19 09:16
- Contracting Awards 2024 hails 19 firms as best of the best Nov 18 09:13
- How to answer at interview, ‘What’s your greatest weakness?’ Nov 14 09:59
- Business Asset Disposal Relief changes in April 2025: Q&A Nov 13 09:37
Leave a comment: