Computer Security - Intranet Security

05-16-2004, 12:22 PM

I have been asked to try to find an instance where personal details appearing on an
Intranet have been used to compromise someone's security or safety.

The background is that someone was dismissed because he refused to provide personal
details (date of birth, etc.) to be published on an Intranet and refused to provide
details for security questions (mother's maiden name, etc.) on the grounds that this might
be misused either by someone with access to the Intranet or by someone hacking in.

His argument was that the information required could be used for identity theft.

I'm struggling to find a specific case. Can anyone help?

Studs Murphy

05-17-2004, 02:21 AM

In article <y3Jpc.50$Fk4.36@newsfe1-win>,
says...
> I have been asked to try to find an instance where personal details appearing on an
> Intranet have been used to compromise someone's security or safety.
>
> The background is that someone was dismissed because he refused to provide personal
> details (date of birth, etc.) to be published on an Intranet and refused to provide
> details for security questions (mother's maiden name, etc.) on the grounds that this might
> be misused either by someone with access to the Intranet or by someone hacking in.
>
> His argument was that the information required could be used for identity theft.
>
> I'm struggling to find a specific case. Can anyone help?
>
>
I'd be interested in knowing the name of the company that fired someone
over their refusal to allow their personal information to be published
on the corporate intranet. That would make a great story about the
cluelessness of some companies and their complete lack of regard for
employee personal information.

As for information about such behavior, google is loaded with it. Most
major security sites and privacy sites will have information about the
potential consequenses of posting employee personal information on an
intranet. There are also numerous governments that have published
information regarding the potential impact of such behaviour.

As for any recent legal cases involving personal information on an
intranet leading to liability, I am not aware of any. I think we're
still waiting on the first one. But I have little doubt that when one
appears the company will end up liable, especially if past actions have
shown a blatent disregard for employee concerns about such.

/steve
--
Check out Cotse's Privacy Watch.
A comprehensive information resource.
http://www.cotse.net/privacy/

Stephen K. Gielda

05-17-2004, 02:21 AM	#2
Stephen K. Gielda Posts: n/a	Re: Intranet Security In article <y3Jpc.50$Fk4.36@newsfe1-win>, says... > I have been asked to try to find an instance where personal details appearing on an > Intranet have been used to compromise someone's security or safety. > > The background is that someone was dismissed because he refused to provide personal > details (date of birth, etc.) to be published on an Intranet and refused to provide > details for security questions (mother's maiden name, etc.) on the grounds that this might > be misused either by someone with access to the Intranet or by someone hacking in. > > His argument was that the information required could be used for identity theft. > > I'm struggling to find a specific case. Can anyone help? > > I'd be interested in knowing the name of the company that fired someone over their refusal to allow their personal information to be published on the corporate intranet. That would make a great story about the cluelessness of some companies and their complete lack of regard for employee personal information. As for information about such behavior, google is loaded with it. Most major security sites and privacy sites will have information about the potential consequenses of posting employee personal information on an intranet. There are also numerous governments that have published information regarding the potential impact of such behaviour. As for any recent legal cases involving personal information on an intranet leading to liability, I am not aware of any. I think we're still waiting on the first one. But I have little doubt that when one appears the company will end up liable, especially if past actions have shown a blatent disregard for employee concerns about such. /steve -- Check out Cotse's Privacy Watch. A comprehensive information resource. http://www.cotse.net/privacy/ Stephen K. Gielda

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Computer Security Information and What You Can Do To Keep Your SystemSafe!	Ann.Anderson.group.com@gmail.com	A+ Certification	0	12-06-2007 01:55 AM
Computer Security	aldrich.chappel.com.use@gmail.com	A+ Certification	0	11-27-2007 02:11 AM
Computer Security Information (Free Articles and eBooks)	aditya.jaiswal.com.use@gmail.com	DVD Video	0	10-10-2007 04:53 AM
Re: Mac Security vs. Windows Security	Tony Sivori	A+ Certification	0	10-28-2003 06:23 AM

05-16-2004, 12:22 PM	#1
	Intranet Security I have been asked to try to find an instance where personal details appearing on an Intranet have been used to compromise someone's security or safety. The background is that someone was dismissed because he refused to provide personal details (date of birth, etc.) to be published on an Intranet and refused to provide details for security questions (mother's maiden name, etc.) on the grounds that this might be misused either by someone with access to the Intranet or by someone hacking in. His argument was that the information required could be used for identity theft. I'm struggling to find a specific case. Can anyone help? Studs Murphy