[Owasp-leaders] email SOPs when employees are leaving OWASP

Timur 'x' Khrotko (owasp) timur at owasp.org
Wed Jul 2 21:10:29 UTC 2014


Sorry, I forgot to mention, that my latest proposal is not an extension of
the previous "double" account proposal, and not a solution to Samantha's
email address. My last text is to be judged in itself.

To put is simple, for me it seems to be inadequate to treat Foundation and
the staff as part of the community, if rules of the game are very different
in those two domains. I propose to make this division clear on symbolic
level also, thus preventing practical confusions.

And OK, I will reformulate it for the governance list with more emphasis on
the business problem that I sense, but may be wrong in my perception.

Regards:
Timur


On Wed, Jul 2, 2014 at 10:42 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hi Timur,
>
> am not fully convinced, but if you like, we could discuss this in detail,
> e.g. on the governance list?
>
> Just fyi: am kind of sitting on the fence, because at the moment I  don't
> really see us having a problem here giving ex-employees a new email address
> if needed and my hesitation with the different format for staff is that it
> might give our staff the feeling that they would not be separated from our
> community. And second that even though in theory semantically beautiful,
> that it could make life unnecessarily complex with multiple email accounts
> per person.
>
> In theory I can see the concept behind your idea, and my German heart may
> like it, but it does a bit feel like "over-engineering" for a problem we
> don't have.
>
> Possibly an approach would be to discuss a proposal on the governance
> list, depending on how many people have an opinion about this and then put
> it to a community vote.
>
> Just my 2cents.
>
> Tobias
>
>
>
> On 02/07/14 01:33, Timur 'x' Khrotko (owasp) wrote:
>
> Ok, Tobias, I am convinced that distinguishing board members by this
> tagging in the email id was a wrong idea.
>
> Probably distinguishing between owasp community members and the staff this
> way can still make sense. Consider tagging staff members by addresses like
> samantha.groves at staff.owasp.org. It is easy to manage suborganizations
> like 'staff' within our Google Apps domain. If she (anyone) remains
> community member, she can have/keep the @owasp.org email. On her exit
> from the staff the staff account is suspended/deleted, thus blocking access
> to documents is easily manged. In case a member becomes hired worker at the
> Foundation (Samantha returns :), she receives the staff account (again).
>
> Of course if the case of an employee becoming member of the community and
> continue their participation in the community after leaving the staff is
> not a significant case, than the ugly tagging like
> john.malkovich.exemployee at owasp.org is still an option.
>  On Jul 1, 2014 10:12 PM, "Tobias" <tobias.gondrom at owasp.org> wrote:
>
>>  Hm, I don't think a special board member email account is necessary and
>> really like to be clear on one point because it seems to be a common
>> misconception for some people:
>> Board members as individuals have _*no*_ special authority or powers.
>>
>> Only the board as a whole group has authority over our organisation.
>> I think it is very important to really keep that fact in mind. Individual
>> board members need to be seen and treated as any normal active member of
>> our community. And in fact I would not want people to use email addresses
>> with the word "board" in them as that might give others the false
>> impression that an individual board member would have any special authority
>> or be talking on behalf of the board. (Only under rare circumstances would
>> this happen when one board member is effectively communicating the result
>> of a vote taken by the board.)
>>
>> Therefore, I think separate emails for board members are not required and
>> could in fact be misleading, communicating a false sense of authority.
>>
>> Also it is important to remember that the role of board member does not
>> have any operational powers or duties, like our staff have.  So e.g. when
>> people want to launch a project, have chapter questions, etc., our staff is
>> in charge.
>>
>> Board members can help with information about finding the right contact
>> person or help with advise on how OWASP works, or we can propose things to
>> the board for consideration or vote. All these things are more based on
>> knowledge, not on any special powers or authority of the individual. And
>> that is pretty much it.
>>
>> So if you send an email to a board member you should see this as sending
>> an email to any other OWASP leader with deep knowledge of our current
>> community. Compared to when you are sending an email to a staff member, you
>> expect certain operational things to happen.
>>
>> Small note: please note, that the board in our current restructuring may
>> assign responsibilities to members of the community like in the form of the
>> committees and leaders of the community (incl. board members) and also may
>> appoint an temporary ED when Sarah our current ED will be leaving. In this
>> case it is important to recognise that these responsibilities may be
>> assigned to a person (incl. to a board member) by the board, but are only
>> by assignment and not due to the mere aspect that a person is on the board.
>> (With one exception, as following our bylaws, the chairman of the board
>> does have some executive powers due to his role.)
>>
>> Best wishes, Tobias
>>
>>
>>
>>
>>
>> On 01/07/14 18:59, Timur 'x' Khrotko (owasp) wrote:
>>
>> Then probably the privileged accounts are to be signified as such:
>> tobias.gondrom at board.owasp.org
>>
>> Gapps provides so called suborganizations. You will then have two
>> accounts, one as OWASP member and one for your director role. Setting this
>> up as alias in your Gmail client is easy. Sensitive documents will be
>> shared with your director account then.
>>
>> Semantics is important in security, isn't it ,)
>>
>>
>

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
Ez a levél bizalmas információt tartalmazhat, és ekként kezelendő.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140702/c118c508/attachment-0001.html>


More information about the OWASP-Leaders mailing list