XXX staff are at it again (as usual)... How come they always like to 'chut pattern'? This time, its about some clowns attaching classified documents when they book meeting rooms.
In case I missed out in my earlier postings, XXX is a very security-inclined organisation. They locked-down on many things. Documents are classified according to its Project Classifications, pretty much military-styled place in terms of security.
I received an email from my boss yesterday asking me "are there any new or better ways?". Reading further down the appended content in the email, it seemed that a well-intentioned staff had alerted the relevant people about a potential security loop-hole he had found. What he pointed out is a valid loop-hole whereby a user can book Rooms for his usage, at the same time attaching relevant documents to the appointment. However, users may not be aware that these Rooms' Calendar which they are actually booking for is shared and viewable by everyone, so too the attachments. Imagine if the attached document is a Top Secret thingy, isn't the content as good as exposed to the whole world?
I also gathered from the email that my department used to inform the users in the past NOT to attach documents along with the Room booking due to security issues. However, seemed like some clowns simply do not understand English. Wondering if we should switch to talking to them in 1s & 0s.... If after reminder, people are still doing it, ain't they simply asking for it?
I sometimes really can't stand the level of stupidity in XXX despite those 'esteemed' researchers being the 'cream of the crop', they are unable to practice some simple information safety.....
In case I missed out in my earlier postings, XXX is a very security-inclined organisation. They locked-down on many things. Documents are classified according to its Project Classifications, pretty much military-styled place in terms of security.
I received an email from my boss yesterday asking me "are there any new or better ways?". Reading further down the appended content in the email, it seemed that a well-intentioned staff had alerted the relevant people about a potential security loop-hole he had found. What he pointed out is a valid loop-hole whereby a user can book Rooms for his usage, at the same time attaching relevant documents to the appointment. However, users may not be aware that these Rooms' Calendar which they are actually booking for is shared and viewable by everyone, so too the attachments. Imagine if the attached document is a Top Secret thingy, isn't the content as good as exposed to the whole world?
I also gathered from the email that my department used to inform the users in the past NOT to attach documents along with the Room booking due to security issues. However, seemed like some clowns simply do not understand English. Wondering if we should switch to talking to them in 1s & 0s.... If after reminder, people are still doing it, ain't they simply asking for it?
I sometimes really can't stand the level of stupidity in XXX despite those 'esteemed' researchers being the 'cream of the crop', they are unable to practice some simple information safety.....
No comments:
Post a Comment