O'Reilly Network: CYA for System Administrators; Things to keep in mind in our litigious societyApr 21, 2000, 17:58 (0 Talkback[s])
(Other stories by David HM Spector)
[ Thanks to David Spector for this link. ]
"Doing the wrong thing in the cause of making your network "more secure" can land an unlucky administrator in a duel with the legal system. This is more likely when your actions come as a surprise or are viewed in a bad light by others who question your authority or motives to be doing what you're doing. With all the sound and fury in media about evil hackers, it's a good idea to consider how to protect yourself ahead of time."
"The sheer power of the systems administration function intimidates many users and management types when they stumble into the realization of just what can be done with root privileges. The question that shakes out of this is pretty simple: How can I do my job, run a system or network safely and securely without winding up on the wrong end of a subpoena?"
"...it's a good idea to make sure that your role and your responsibilities are fully specified. By "fully specified" I... mean that... your job description should be complete and list not only the hardware and software you support, but what management areas that role includes."