- Case Number: a20120418.1
- Status: closed
- Claimants: Wytze van der Raay
- Respondents: Martin Simons
- Initial Case Manager: AlexRobertson
- Case Manager: LambertHofstra
- Date of arbitration start: 2012-10-27
- Date of ruling: 2012-10-31
- Case closed: 2012-10-31
- Complaint: ABC Request over Martin Simons
- Relief: TBD
Before: Arbitrator UlrichSchroeter (A), Respondent: Martin Simons (R), Claimant: Wytze van der Raay (C), Case: a20120418.1
- 2012-04-18 (issue.c.o) case s20120418.179
- 2012-05-05 (iCM): added to wiki, request for CM / A
- 2012-10-24 (A): I'll take care of this case as (A), and LambertHofstra as (CM)
- 2012-10-24 (A): notification with invitation to ABC interview on Sat 2012-10-27 at T-Dose sent to (C), (R), (CM)
- 2012-10-24 (A): init mailing sent to (C), (R), (CM) with request for CCA/DRP acceptance and to (R) with request for CV and reference list
- 2012-10-24 (A): request to (Support): assurances received by (R), assurances given by (R) if he is an assurer
- 2012-10-24 (R): accepts ABC interview schedule
- 2012-10-24 (C): accepts ABC interview schedule
- 2012-10-24 (C): sends copy of CV originally rcvd from (R) to (CM), (A), (R)
- 2012-10-25 (Support): [s20121024.59] sends requested info
- 2012-10-26 (A): requesting still-missing information from (R)
- 2012-10-26 (A): answering side notes by (C) in (C)'s reply to the init mailing sent to (C)
- 2012-10-26 (C): clarification to side notes issues
- 2012-10-26 (R): 2 references forwarded - Frits (REF1)
- 2012-10-26 (R): 2 references forwarded - John (REF2)
- 2012-10-26 (REF2): reply
- 2012-10-26 (A): reply to (REF2) answer
- 2012-10-26 (R): reply as requested
- 2012-10-26 (REF2): reply #2 with info of availability
- 2012-10-26 (A): reply to (REF2)
- 2012-10-26 (REF4): I'm contacting you because of arbitration case a20120418.1. (R) contacted me that he needs references of a position as Critical Sysadmin within CACert.org. Open question
- 2012-10-26 (A): reply to (REF4) questions
- 2012-10-26 (REF4): replied
- 2012-10-27 (A): ABC interview at T-Dose, Eindhoven, NL with (C), (R), (CM)
- 2012-10-29 (REF1): replied
- 2012-10-30 (A): asking (R) what the full name is for the email address given and referenced as (REF3)
- 2012-10-30 (R): clarification about email address given, identified as (REF3): it's a secondary email address of (R), so there is no reference #3
- 2012-10-30 (A): sending protocol transcript of ABC interview to (CM) to add his notes and for review
- 2012-10-30 (A): contacting one reference by email for clarification of relation to (R)
- 2012-10-30 (REF2): sends in the requested info
- 2012-10-31 (A): sending final protocol transcript of ABC interview to (CM)
Original Dispute, Discovery (Private Part) (optional)
Link to Arbitration case a20120418.1 (Private Part)
EOT Private Part
- It is presumed that claimant in role as Critical sysadmin accepts CCA, by role under SP.
- and accepted in reply to initial mailing
- (R) Assurance state
- 8 assurances rcvd, with more than 100 AP
- CCA/DRP acceptance received by
- (R) at the interview meeting
- CV and references rcvd
- ABC interview scheduled for Sat 2012-10-27 16:00 at T-Dose, Eindhoven with (R), (CM), (A), (C). Interview did happen.
- contact info of (R) received
- Interview about technical skills of (R) was conducted by (C) in March 2012
The ruling consists of two parts.
- The first question is whether the candidate in question should be considered reliable enough to gain access to CAcert systems and data as part of (R)'s work for CAcert. I hereby come to the following ruling:
The background check has not revealed any material issues in conflict with a role under Security Policy (SP).
- During the interview, all relations to problem areas that are subject to the ABC interview were discovered, observed and discussed. No relationship has been found that represents a material threat to CAcert.
- (R)'s long-time experience in the IT business area, at least over a decade with jobs at several companies and projects (CV list goes back to 1999), and the answers given in the interview show that (R) is considered reliable enough to gain access to CAcert's critical systems. With his knowledge about procedures in big companies in general he has the background knowledge to follow and fulfill CAcert's procedures in the critical area. Potential conflicts of interest have been discussed in the interview, including elements that could turn into CoIs in the future, but currently no CoIs have been identified. Technical skills have been discovered in an interview between (C) and (R) back in March 2012.
- For a recommendation on continued training in the areas of data security, social engineering, and other relevant fields I come to the following ruling:
- Investigation of potential weaknesses in social engineering revealed that (R) had some familiarity with this topic. I recommend further training in this area. A first lesson in this area was given by interviewer.
Although (R) has knowledge of how policies and rules work in major companies, we've discovered lesser knowledge about CAcert's policies and procedures in detail. Therefore my recommendation to the team leader is to continue with the advice that we started in the ABC interview: (R) is to study CAcert's Security Policy in the SVN and CAcert's Security Manual in the wiki, and also the System Administration documentation in the wiki, especially the System Administration - Procedures, to become familiar with the CAcert-specific rules and procedures framework.
- 2012-10-31 (A): ruling and close notification sent to: (C), (R), (Board), (CM)
- 2012-10-31 (A): case closed