Thursday, June 26, 2008

Larry, The IT Guy (No... make that, Spy)

Security Directors, CEOs, Chief Legal Counsels:
Immediately after you read this, make sure you have a clear, concise written policy in place detailing allowable IT behavior.

One in three IT administrators say they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace, according to a survey by a password-management vendor.

Nearly half also confessed that they have poked around systems for information not relevant to their jobs.

"We asked these questions last year, too," said Adam Bosnian, vice president of product strategy and sales for Cyber-Ark, a Newton, Mass.-based maker of password file security management software. "And we got similar results. So on one hand, the results weren't surprising. What was surprising initially -- and this time around, too -- is that people admit to it." (more)