Ex-Employee Busted For Tampering With ERP System 178
ErichTheRed writes "Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. According to the NYTimes article, a former employee of this company allegedly accessed the ERP system after he was terminated and had a little 'fun.' 'Employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. An applicant for his old position received an e-mail from an anonymous address, warning him, “Don’t accept any position.” And the company’s business calendar was changed by a month, throwing production and finance operations into disorder.' As an IT professional myself, I can't ever see a situation that would warrant something like this. Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."
Because "IT People" are not "Professionals" (Score:1, Interesting)
I have been mulling over this fact for a while now and some conclusions have been forming that I find to be extremely disturbing.
1. Degrees in "IT" are worthless in that they do not pertain particularly well with technology as it seems to evolve very quickly.
2. Degrees in "IT" are worthless because there is no one standard like there is with law and medicine.
3. As a resort against the first two problems, the industry has favored "certifications" but the problem with that is they become little more than fancy product endorsements which, as many of us know, does not guarantee real knowledge or understanding, but only guarantees that someone has been listed as passing a test in some database somewhere.
I think item 3 really needs to be appreciated. It's all about the cert isn't it? And these certs are in specific brands and ranges of products... often specific products. Imagine (warning-- car analogy) you were pulled over by a cop and you are asked for your license to drive. You are then arrested because your license does not cover you make or model of the car you are driving.
Obviously that doesn't happen because a driver's license covers general knowledge and understanding of the rules of the road and knowledge of standards about driving and signage and the like.
Why can't we have such standards for IT? Well, for starters, companies like Microsoft can't handle standards. They have to make everything proprietary so that they can manipulate and dominate markets. This is a similar problem with Cisco though they do it all to a much lesser degree and at times use different terminology instead of different technology. (Though clearly proprietary Cisco protocols exist.)
For all of those people who have been a bit confused about the issue of standards and especially "open" standards, this may be a key issue which might help you understand why standards are so important. At present, standards are quite literally owned by business entities in part or in whole and the right to live by them come at a price... or several prices.
As a result of all of this, practitioners of IT are not all the same and can't be held to any given standard of any sort whether it is conduct or knowledge or standards of practice.
IT People are not "Professionals" as much as we would like to think we are. We can behave that way. We can dress that way. We can follow "standards" but which ones? There are so many. And so many products to endorse along the way. We are as "professional" as NASCAR drivers with dozens of logos plastered on our resumes.
How did this all happen? We can thank the likes of Microsoft for this. And until real standards are adopted world-wide, we cannot have a way forward out of this mess. Thanks to Microsoft's [successful] efforts to corrupt ISO standards, even "standards compliance" may not be an option. And who does it harm?
It harms YOU if you want to be considered to be "Professional."
It's business as usual... (Score:5, Interesting)
You think that is bad?? (Score:5, Interesting)
At a small company I worked for years ago there was a tendency to fire accountants (who simply didn't agree with the CFO). Turns out the CFO was embezzling funds and a number of folks just didn't want to go along with the program. So one day the CFO fired this one accountant and it was pretty bitter.
As the IT director I had advised the CFO many months earlier that IT needs to oversee all the software and accounts in the company as it is a security matter. He agreed to all but the accounting software and its controls (he didn't want anybody seeing his criminal ways).
So one day after firing the accountant, someone writes a $1,000,000 dollar check to a customer and it gets processed. Suspicious turns to the accountant having access, but there is no proof. The CEO and CFO both stop by my cubicle complaining how could this happen?? I simply told them you advised me several months back not to put the accounting software or user accounts under any IT control, even after I had warned you of the security dangers. We can't firewall a separate system that IT is not in charge of or have credentials to... Frustrated they walked away, annoyed like they couldn't blame someone for their stupidity.
I kind of felt sympathy for that accountant, although he probably should of contacted the authorities. I had not way of knowing, except rumors you hear. Pretty ballsy, but that's what happens when suits have their ego and lack of ethics... Eventually there was an investigation on the books and things flew wide open. I left the company prior to it hitting the fan.