When Terry Childs refused to give out the passwords for the systems he managed for the city of San Francisco, I was rather stunned. I think most technology professionals were as well. While I'm sure a few people cheered him on as a principled professional trying to do what was best for his employer, most of the people I talked to couldn't imagine refusing to disclose passwords, or taking a stand here.
It is our job to try and ensure strong security. It's our job to protect data as professionals, but ultimately, it's not our job to decide how the business works. That's what the people in charge are paid to do, and if they do it poorly, they should be fired or prosecuted.
I don't know of the 4 year sentence given makes sense, but I do think that Mr. Childs deserved to be terminated. And given the way that security works, perhaps he did deserve to be prosecuted for not disclosing the passwords to his boss.
I've typically stored passwords with the CFO of small companies I've worked with. I haven't given them the passwords to use, since they are usually not qualified to work on the systems, but I have sealed them in an envelope, informed the CEO, and allowed the CFO to store them. My logic was if something happened to me, the CFO would need to find a replacement and give them the passwords.
We all should take our jobs seriously, but I think we need to remember that it's a job for us. We ultimately ought to be doing our jobs as well as we can, but also do them as we're told to do the job. Or just leave the job. Don't start to assume the system you manage is really "yours."
Steve Jones
The Voice of the DBA Podcasts
- Windows Media Podcast - 21.3MB WMV
- iPod Video Podcast - 15.7MB MP4
- MP3 Audio Podcast - 3.6MB MP3
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed:
or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
You can also follow Steve Jones on Twitter: