When your boss goes full retard and asks you to bring 3 PCs from workplace just so you can work at home during pandemic. And to switch from project to project i'll have to unplug the other PC then plug everything back on the other one. Seriously WTF?

  • 7
    Guessing your boss has never heard of git..? Or... The concept of folders? Lol
  • 3
    @ScribeOfGoD he does but since we are working with other people's upwork accounts we can't switch accounts on time tracker which is another bullshit
  • 6
    @Areg What??? He switches computers becuase of time tracking software?

  • 2
    @magicMirror i know, its unbelievably retarded
  • 2
    @ScribeOfGoD I guess you never heard of security, separating projects, encryption of LOCAL stations, and ISO 27001.
    This point was the hardest with switching to remote work for us
  • 0
    @NoToJavaScript better that than this 😂
  • 0
    @NoToJavaScript Oh. oh god 🤦‍♂️
  • 2

    Why ?
    Do you let your dev working on their own PC ? (iso FAIL)
    Do you have multiple projects on the same PC ? (ISO fail)
    Do you have encryption for hard drives (ISO fail)
    Do you data exfiltration policy and monitoring ? (When ANY user of your organisation open a file it logs it) ? (ISO fail)
    Do you have proper security at home as video cameras, digital access etc ? (ISO fail)
    Do you work with anonymized data ? (ISO fail)

    So, yes, it’s very difficult to set up a remote work respecting ISO 27001
  • 0
    First of all, let us clear who is the actual boss here
  • 2
    @NoToJavaScript None of this is a part of ISO 27k standards. ISO 27k standards define how a business should identify and manage risks to data confidentiality, integrity, and availability. Under ISO 27k it's perfectly acceptable

    - for a dev to work on their own PC, as long as they can't access / store confidential data, and business has measures in place to protect from potential viruses they could have on their PC
    - to have unencrypted disks if they don't contain sensitive data
    - to only have exfiltration and monitoring for sensitive data

    Every single thing you listed is something your company determined to be a potential security threat based on the way your company operates. There's plenty of ways those threats could be taken care of under ISO 27k, for example by changing processes and operations. ISO 27k even allows for stakeholders to take no action about a threat and accept the risk as a valid way of handling a threat, as long as they're aware of it.
  • 0
    @hitko Thank you for a good laugh.
  • 2
    Why do any work at all? pretty sure thats an Iso fail right there!
    Operations that actually need this, have some stupid "remote" dev solution - where each dev gets access to a remote VM - the work PC has only a Thin client installed. This setup is total shit to work on.
  • 2
    @magicMirror I Agree, that's why his boss gave him directlly physical PCs.

    The most chllanging point is "residence security", we are fortunate that all devs live in buildings with CCTV and some kind of acess control
  • 0
    As previously mentioned: GTFO Now!
Add Comment