Security Basics mailing list archives
Re: security not a big priority?
From: steve.dake () gmail com
Date: 19 Feb 2007 18:38:05 -0000
Wow. I must have many twins out there. This is too much like my last position. They brought me in to "head the security program" and come to find out, they simply wanted a "security person" to be responsible for all security issues, but with no political clout or backing to do anything about it. I worked hard at developing the policy, and processes needed. Working closely with internal audit and creating a "C level team of security champions" helped allot. The IT area however, depended on two very stubborn junior level admins that wanted to continue to rely on smoke and mirrors as they had since the 90's. Their boss and friend (the IT manager) was also my boss which created a major conflict of interest - they chose to perceive security as something that interfered with the shortcuts they had relied on for years (like 3 character passwords that never changed..) - it required them to do something different. The only concept they had of security was AV and a firewall, and they did not want to hear anything more. It was a totally reactive culture that never planned ahead...That was a nut that I could not crack, and eventually gave up. I hate to say it, but sometimes you have to leave uselessness behind and walk. I am much happier now working as a consultant. Its kind of amazing how you can write up findings and recommendations on the inside and no one takes it seriously, but as soon as an external consultant says the same thing, then bingo- now its a priority... I did learn from the experience:I will now be very mindful of the org and reporting structure, as well as how employees are rewarded and other individuals' job descriptions. With out proper incentive, you can not get people to change their habits - even if they know its wrong.
Current thread:
- Re: security not a big priority?, (continued)
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? crazy frog crazy frog (Feb 15)
- RE: security not a big priority? Nhon Yeung (Feb 15)
- RE: security not a big priority? Craig Wright (Feb 15)
- Re: security not a big priority? Henry Troup (Feb 15)
- Re: security not a big priority? saltynetguru (Feb 16)
- Re: Re: security not a big priority? Anonymous (Feb 19)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? Alexander Bolante (Feb 20)
- Re: Re: security not a big priority? Jax Lion (Feb 19)
- Re: Re: security not a big priority? cwwoods (Feb 19)
- Re: security not a big priority? steve . dake (Feb 20)
- Re: Re: security not a big priority? mehtaharshal (Feb 21)
- Re: Re: security not a big priority? Jason P. Rusch (Feb 23)
- RE: Re: security not a big priority? David Gillett (Feb 26)
- Re: Re: security not a big priority? Jason P. Rusch (Feb 23)
- Re: security not a big priority? Francois Yang (Feb 15)