1) The sales team of Sand Shell Inc. consists of six persons who use the e-mail

Question

1) The sales team of Sand Shell Inc. consists of six persons who use the e-mail service extensively for their communication with clients. One of the salespersons Bob is going on a vacation. His boss Charles asks Bob to give the password of his system and e-mail account to Alfred. This is done in order to address any urgent issues that may come up when Bob is on leave. Is this an ethical practice? Do you feel this action can cause any serious privacy issues? If yes what policy and technical solution do you feel the organization should have in place for such situations?

Explanation / Answer

Security principles to consider: Auditability - you need to keep accurate records of who did what when. If identities are shared then you're never sure who actually did what. Privileges - Access to respond to e-mail is given here but also a lot more. The essential access should really be only to e-mail and only to e-mail that is received while Bob is away. The access granted in this example could include personal e-mail, confidential employee-manager correspondence, as well files which Alfred may have no business accessing. Risk - If something were to happen to Bob's accounts or otherwise while Alfred had the credentials, Alfred would be blamed for it. Alfred is assuming additional risk by accepting Bob's credentials. How can Bob give Alfred only the access that he needs without opening up liability? Perhaps some forwarding of e-mail? Perhaps some specific sharing of only selected objects? Perhaps telling the customer(s) the situation? Perhaps telling them in some automated way? Hope this starts the thinking process.

Related Questions

Navigate

• Browse (All)
• Browse 1
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.