When one of your staff starts spouting stuff like this:

"Mr. Childs had good reason to be protective of the password," Crane said. "His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it ... and shown complete indifference to maintaining it themselves.

"He was the only person in that department capable of running that system," Crane said. "There have been no established policies in place to even dictate who would be the appropriate person to hand over the password to."

You know you have a problem. Ultimately, no one should have that level of ownership over a corporate system - never mind the risks of budding megalomania, what if they got sick, or hit by the proverbial bus? Or just went on vacation for 2 weeks?

The Childs case out of San Francisco seems extreme, but I'd guess that there are small scale versions of it everywhere...

Technorati Tags: security