Hacker News new | past | comments | ask | show | jobs | submit login

I don't work there but I imagine when this happens it's because the employee needs access to the resource for some legit reasons, but accessing it for illegitimate reason is what amounts to the violation. So access controls here would amount to reviewing the reasons for the access.



Solution would then be to ask for and log the reason for the access. Possibly with an approval needed by a second person. You can still lie about why you need access, but at least it is logged then.


I'm sure they do this--but the rogue employee still gets access and OP was saying access should be prevented in the first instance.


Meta does this.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: