Comments by "Stephen Villano" (@spvillano) on "12 News" channel.
-
For a few hours or even a shift, it could be understandable, someone might be working on an important project.
Days on end, there are two critical concepts that are mandatory in the financial sector, due care and due diligence; both are entirely absent from the highest level of corporate to that section of that office.
I live in a rather inexpensive apartment building; we have better security. Access tags that log entry, which is audited. Cameras whose recordings are checked very regularly; evictions for violations of security have occurred here. Locks work and are checked and replaced when defective. And that's with a management staff of one.
I'd reported someone messing with the payment drop box, the manager mentioned that she'd noticed that I was speaking with the individual and I related that I'd explained to him that he was trying to open a secure payment box in full view of multiple security cameras. He now lives in another abode, prohibited from access to the building.
That's due care and due diligence. Something utterly absent, despite being required by federal law in that financial office.
1
-
OK, so we know that the building plumbing is, well, dodgy if workers attribute a rotting stench in the office to the plumbing.
We know that multiple layers of security are entirely absent, ranging from access control on the data systems to physical security of the facility; no alerts were raised when an employee checked in and disappeared from the planet without exiting the facility. That's even more alarming than cholera and typhoid passing plumbing!
With security this lax, anyone could be doing anything on their network and systems, not a soul would notice. Start with a full Sarbanes-Oxley audit, it's literally that big a deal business wise, not to mention employee safety wise. The management has no clue who is and is not inside of their building and systems, didn't even notice a decomposing employee until someone literally blundered into someone likely beginning to liquefy.
I suspect after such an audit, there will be multiple senior management position vacancies.
Meanwhile, the DA can examine from other angles what other laws have been utterly ignored. Even with remote work, someone checking into the building and their ID doesn't check out of the building, that should've triggered some form of alert to the management to check and correct the discrepancy to ensure both employee safety and facility and data security.
And someone needs to examine what other audits aren't being conducted, as I'm certain anything this lax proves that nebulous leadership has permitted other areas to have entirely absent security. In a financial sector business.
When I was working information assurance for the DoD, had this happened on my base, I'd have been looking for a new job with a spectacularly poor reference and I'd not have been alone!
1
-
@jb6712 it's a major Sarbanes-Oxley Act violation, as they've literally zero access control security on their access control systems. They now should, by federal law, have to have a full Sarbanes-Oxley audit, which can quite literally put a CEO in prison, should certain irregularities be present and I'm damned sure that there are.
Did information security for a living, this is beyond a big deal legally.
Someone dying at their desk can and does happen, should be noticed when that person doesn't leave work that day after their hours have been put in, as access to facility and resources is supposed to be logged. That's both for employee welfare and information systems security reasons.
With this level of non-security, I'd not trust a dog in their building that I don't like, let alone finances and family.
1