Saturday, January 14, 2006

Lock The Door

Ignore Liability Issues At Your Own RiskIgnore Liability Issues At Your Own Risk

With new regulations surrounding storage and communication, not to mention those on the horizon, data center managers have a number of liability issues to keep in mind.

Beyond Sarbanes-Oxley or HIPAA, there's also the possibility of shareholder lawsuits based on employee negligence or technology failure. This murky brew of litigation mixed with legislation can be difficult for even the most experienced manager to stomach.

Fortunately, drastic steps such as unplugging users and closing down the network don't have to be taken. Rather, IT managers can benefit from just knowing where the vulnerabilities are and what can happen if something goes wrong.

They Are No Angels
One of the largest sources of potential liability could be walking by your office right this second. Although many IT departments try to show respect to employees by respecting their privacy in terms of email and Web surfing, that consideration could be bad for the company in the long run.

"Generally speaking, employers are liable for the acts of their employees," says Sean Garrison, partner with law firm Lewis and Roca and co-chair of the firm's intellectual property group.

He adds, "In today's world, with rapidly advancing technology, the potential corporate loss and liability arising from an employee's theft or mishandling of corporate data files can be substantial and must account for a significant portion of any corporate risk management system."

Negligent, disgruntled, or greedy employees that use company equipment to cause data loss, share trade secrets, or simply cause network downtime can spark a number of liability actions. A type of lawsuit that's seen more frequently is claims made by shareholders, says Jim Brelsford, head of technology law at Jones Day.

"We're going to see a wave of these in the next few years," he says. "They'll center around shareholders suing the company to claim that data loss or some other event changes the stock price."

In some cases, employees might not be to blame for company problems. If an outsider hacks the network, a company could be liable for not implementing proper security measures. But that kind of litigation is minor when compared to what might happen if IT knows there was a breach and failed to act.

"If someone can prove that you knew about a problem and didn't do anything about it, you'll be in trouble," Brelsford says.

Even getting rid of equipment without aggressive electronic data cleaning could be dangerous. Steve Harris, director of data center planning at technology consultancy Forsythe, says that disposal is the responsibility of the company. That includes making sure that a disposal firm is legitimate, as well as that the data really is gone.

He says, "If you're letting a major piece of technology go out the door, it's incumbent on you to make triple sure that it's wiped clean."

Cracking Down
Protecting a company from inside and outside threats can be done in a number of ways. Usually, implementing bulletproof firewalls and network security, as well as doing regular network monitoring demonstrates that an IT department is working to shield the company from harm, and this goes a long way toward minimizing liability concerns.

With employees, the issue can become more complicated, but one solution at least is straightforward. "It's vital to have an acceptable use policy for employees," says Chris Getner, CEO of e-discovery firm Aaxis Technologies. "Most companies have those in place, but they don't do enforcement."

If a regulation is broken or a company is sued, it isn't the policy that will get examined, Getner notes; it's how IT enforced that policy. "We see a lot of cases where employees download what they like or do online gambling, or even run a personal small business from their company's computers."

To minimize threats, IT can consider installing content filters, blocking illegal downloads, putting limits on email attach ments, and writing a policy that is strongly and clearly worded. Also important is creating guidelines for how the company name can be used in external communication. For example, if an employee posts a nasty message about someone's race or sexual orientation to an online bulletin board and uses company equipment to do it, there could be liability. If the employee claims such thoughts are shared by the company, failure to take swift action to prove otherwise could be deadly.

Sometimes, says Getner, simply letting employees know that you can become Big Brother at any time might reduce problems.

"Employees have to know what they can and can't do," he says. "Delivering that information is part of IT's job. If those areas aren't made clear, then the company can be held liable for not informing its employees about acceptable use of technology."

Because IT has numerous responsibilities, data center managers can't become staff babysitters, but they should understand how employee negligence can affect the company. "You can't be held accountable for all the acts of your employees," says Jeremy Mishkin, a partner at law firm Montgomery, McCracken, Walker & Rhoads. "It's similar to if someone used the photocopier to commit fraud. You can't be responsible for everything that happens at the company because you don't know about everything."

He adds, "But, you can make sure that you don't turn the other way instead of trying to He adds, "But, you can make sure that you don't turn the other way instead of trying to see problems."

by Elizabeth Millard

Early History of Locks

Securing ones possessions has long been a concern of people throughout the world. Beyond hiding the objects or constantly guarding them the most frequently used option is to secure them with a device. Early solutions included knots to either detect Thief knot, or hamper like the Gordian knot.
The first known lock with a key was a pin lock where a cylinder of wood with a hole drilled through its axis was the key. The length of the cylinder was the critical factor. It was strung on a rope hanging out of a hole in a door. Then the key was inserted into the hole and the rope pulled to push the cylinder to push the bolt the correct distance. To lock the door just pull on the rope to extract the key cylinder and simultaniously pulling the bolt close. This type of lock is still in use in certain parts of the world. A danger of this lock was a vandal could push the rope into the hole; an ancient equivalent of putting glue into a lock.

Early improvements in pin locks included increasing the number of pins to increase security, and changing the orientation of the pins to allow the key to provide the unlocking force instead of a rope. Thus establishing the principles of the modern Pin tumbler lock.

Next was developed a Warded lock that is still used in modern times when the security required in not high and cost is a significant factor. It is the first lock design to have a key recognizable to a modern western person.

Lock Puzzles were used to obscure the locking mechanism or even provide a nonfunctioning lock for the thief to waste time on.

How Lock Picking Works

Keys are one of the most basic and essential machines we use every day.Most people carry five to 10 keys with them whenever they go out. On your key ring you might have several keys for the house, one or two more for the car and a few for the office or a friend's house. Your key ring is a clear demonstration of just how ubiquitous lock technology is: You probably interact with locks dozens of times every week.

The main reason we use locks everywhere is that they provide us with a sense of security. But in movies and on television, spies, detectives and burglars can open a lock very easily, sometimes using only a couple of paper clips. This is a sobering thought, to say the least: Is it really possible for someone to open a lock so easily?

In this article, we'll look at the very real practice of lock picking, exploring the fascinating technology of locks and keys in the process.