Ethical Situation Question
Comments
-
PCTechLinc Member Posts: 646 ■■■■■■□□□□Who uploaded the original report to the file server and who had access? If it was posted negligently to people who shouldn't have seen it but had access, then it's fair game. It's only when you abuse your power to get access to files you shouldn't. However, if someone was looking for it with say Administrator rights for the sole purpose of trying to find this report, that's where you could get in trouble.Now as far as what you should do, even though there are laws against whisteblowing, if someone wants you gone they'll find a way. Remember, it's not what you know, it's what you can PROVE that matters. Otherwise it's circumstantial. If I were in your position, I wouldn't say anything unless 1) I wasn't worried about losing my job or 2) I already had another opportunity. For me, preservation of self is the most important.Master of Business Administration in Information Technology Management - Western Governors University
Master of Science in Information Security and Assurance - Western Governors University
Bachelor of Science in Network Administration - Western Governors University
Associate of Applied Science x4 - Heald College -
jah8887 Member Posts: 82 ■■■□□□□□□□The financial officer uploaded it of course with just domain admins and themselves to see the report. I kinda know he is looking to outsource the whole IT department because the first day on the job here he said we don't need an IT department and we don't need a server room. I have already currently been applying elsewhere and had several interviews and 1 of them that I am well suited for I will know this week if I got it. I just would hate to see that the chair people only see this twisted report making me and the department look like we don't know what we are doing and are idiots or whatever you want to say. I really don't want to say something for fear of getting in trouble but at the same time I feel like the truth should be told. Thanks for helping me in this situation.
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Dont try to do the "correct thing" just move on. Find a new job. Then "IF" someone higher ask why you left... tell him "unofficialy" the real story.
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□Can't think of how to phrase an analogy for it, but sounds like a risky battle to win a war not worth the fight.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
JDMurray Admin Posts: 13,099 AdminIt sounds as if there is a serious lack of respect now in that environment. Don't try to figure out the new management's secret business strategy. Just move on and don't look back.
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□Yikes, I can imagine it is very difficult to watch this slow moving train wreck starting to take shape. However, it is not your position in the company to correct/expose poor strategy decisions by executive leadership and doing so could potentially get you fired despite being correct.
You have to remember, you do not own this company or the IT department. You are only there to be a good steward of the IT systems and if they want to go with another IT support model then that is absolutely their right however shortsighted that may be.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
shochan Member Posts: 1,014 ■■■■■■■■□□Have you ever seen the movie Glengarry Glen Ross? this reminded me of itCompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
-
UnixGuy Mod Posts: 4,570 ModThis is pure politics, and it's ugly. No point trying to guess why the CEO is doing this, they clearly have an agenda and unfortunately they're more powerful in this situation. They might be planning to get rid of the IT department or through someone under the bus - or who knows. It doesn't matter now.I wouldn't try to change a thing, stay in the company if you see it benefit you, otherwise jump ship asap. It sounds like a sinking ship anyway.
-
Kasor Member Posts: 934 ■■■■□□□□□□A toxic management will do more harm than good to anyone. Maybe this is the indicator for you to find a better IT job somewhere else. Also, I am wondering what type of audit that they are focusing on?Kill All Suffer T "o" ReBorn
-
beads Member Posts: 1,533 ■■■■■■■■■□Likely a SOC 2 type of audit, centered on PPGS (Policy, Proceedure, Guidance and Standards), first otherwise it wouldn't be much of an audit. From there you can look at the efficacy of how a small department is meeting the organizations needs, identifying gaps in everything from strategy and funding to questioning the skill level of the players involved. Maybe a fishing expedition, maybe not. Are there any compliance based needs being assessed? HIPAA, PCI-DSS, etc.Given the fact that management sounds toxic, means this is probably a "shot fired accross the bow", leading to a "reorganization" of the department. Without having more information, its hard to tell.Good luck and continuously update that resume!- b/eads
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□jah8887 said:The financial officer uploaded it of course with just domain admins and themselves to see the report. I kinda know he is looking to outsource the whole IT department because the first day on the job here he said we don't need an IT department and we don't need a server room.
I'm not a fan of outsourcing, but there are times where outsourcing some of IT operations make financial sense. Outsourcing the entire IT department, with the chief financial officer making the outsourcing decisions, what the worse that could happen? A lot. First time a network switch fails, with no onsite IT staff, it could take days for a vendor look at it. The financial officer is probably a penny pincher, he's not going to pay the extra cost of for 24/7 support, so it's next business day. Not to mention if there no spare switches onsite, it's wait for Cisco to ship you a replacement, assuming they even have Cisco equipment, Netgear is way cheaper, think of how much money we can save.
At the absolute minimum, every company should have onsite there own domain controllers so users can log into the network and a share drive file server so users can get to there files. If off site network connectivity goes down, your business is dead in the water. A local network guy comes in handy too.
Still searching for the corner in a round room.