Home
What's new
Latest activity
Authors
Store
Latest reviews
Search products
Forums
New posts
Search forums
What's new
New posts
New listings
New products
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
Cart
Cart
Loading…
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Search titles only
By:
Menu
Log in
Register
Navigation
Install the app
Install
More options
Change style
Contact us
Close Menu
Forums
SVTPerformance's Chain of Restaurants
Road Side Pub
IT Privacy at work help (CEO wants all admin staff user passes) Security issue
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="paynecasey" data-source="post: 14093238" data-attributes="member: 127309"><p>IT Response to admin and CEO</p><p></p><p>"It is in our IT Security Policy that passwords should always be masked, encrypted and never printed. In the event of the loss of an employee, the IT department can access the employees accounts and reset passwords if needed with the administrative log in.</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Regarding passwords, our IT Policy doc states<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite3" alt=":(" title="Frown :(" loading="lazy" data-shortname=":(" />pg. 17)</p><p></p><p></p><p></p><p></p><p>Restrictions on Recording Passwords - Passwords are masked or suppressed on all online screens, and are never printed or included in reports or logs. Passwords are stored in an encrypted formats."</p><p></p><p></p><p>CEO response</p><p></p><p>"IT has a good catch (see below). Think this is a narrowly applied control to accessing our IT system (EHR, e-mail). Still need all other access information, whatever it may be, such as to our bank accounts, electronic files, computer programs, grants, vendor accounts, etc. Some folks may not have any significant access information to report. Try to cover where you, and you alone, gets access to information or to do reporting and the like. Can exclude things like the EHB where multiple people have access."</p><p></p><p>I'm the only guy who touches websites for grant funds and banks. He knows this. Just painted a target on my back for sure.</p></blockquote><p></p>
[QUOTE="paynecasey, post: 14093238, member: 127309"] IT Response to admin and CEO "It is in our IT Security Policy that passwords should always be masked, encrypted and never printed. In the event of the loss of an employee, the IT department can access the employees accounts and reset passwords if needed with the administrative log in. Regarding passwords, our IT Policy doc states:(pg. 17) Restrictions on Recording Passwords - Passwords are masked or suppressed on all online screens, and are never printed or included in reports or logs. Passwords are stored in an encrypted formats." CEO response "IT has a good catch (see below). Think this is a narrowly applied control to accessing our IT system (EHR, e-mail). Still need all other access information, whatever it may be, such as to our bank accounts, electronic files, computer programs, grants, vendor accounts, etc. Some folks may not have any significant access information to report. Try to cover where you, and you alone, gets access to information or to do reporting and the like. Can exclude things like the EHB where multiple people have access." I'm the only guy who touches websites for grant funds and banks. He knows this. Just painted a target on my back for sure. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
SVTPerformance's Chain of Restaurants
Road Side Pub
IT Privacy at work help (CEO wants all admin staff user passes) Security issue
Top