Security threats Toolkit
Story: NASA hacker is no Neo
Posted by: Arthur B. (Wednesday 22 June 2005, 10:00 PM)
Lack of liability is the cause here.
There are many people involved in the process of making some IT solution a reality. And a whole bunch more to ensure that it keeps doing what it's supposed to do for the rest of its life cycle.
However, in that whole chain of events and people of various companies involved there's no real liability in play.
"The computer did it" is nowedays greatest excuse to get away with practicely anything and the once-in-a-while time that someone needs to get the blame for something (usually loss of face, prolonged loss of availability, structural blundering or gross budget overruns) the finger of blame is pointed to some external event or person. Ofcourse happily agreed with by all those who are at least partly to blame for the mishaps in questions.
Also, most IT related projects start on the wrong foot to begin with. Initiated by reasoning that will not withstand the test of time and reality. By people that in general have no clue as to what impact there little IT project will have on all the aspects (technical, organisational, legal, health, safety, liability, availability, PR, security, etc, etc) of the entire company in the short and long term. So something is bound to go wrong somewhere in a way that can't be easily "reasoned away".
One thing standing out here is lack of maintenance. What's the first thing to get pushed to the back on the schedule or even thrown out of the window in budget or time restrained IT departments? Maintenance. But that's what keeps systems humming and secure. At the same time it's hard to explain, on paper, to the rest of the organization what the benefits are of all those spend costly hours on maintenance. Mind you, the systems that are to be maintained where bought with the tremendously ignorant idea in mind that all those systems would practicly manage themselves and the only extra thing needed is some trained monkey pushing the right buttons every now and then. Yeah, right. There are the benefits of hyped up PR filled with FUD and zero liability for you. Enjoy.
The "if it ain't broke don't fix it" attitude has two versions. One of realism and the more used one: as an excuse.
And as long as excuses and FUD are the driving force behind most IT environments (rather then cold hard facts) there will be a need for people or things taking or getting the blame.
Full Talkback thread
Story: NASA hacker is no Neo
-
very goog job:-) CAGRI -
A system that is required to have the best securit... Tony
-
I keep reading that 'it's not the fault of IT... Doug -
Lack of liability is the cause here.
There are man... Arthur B. -
By the the way what's the planet called?, it's our... Angel X
Back to: NASA hacker is no Neo
