From the article: "The problem is that most management teams don't give IT the resources it needs to do its job, or the power to set and enforce policy when it comes to securing the services your business units dictate must be available."

Yeah, YOU tell the CEO or the President of your company, or the CIO that he can't have his new fangled smart-phone/pda hooked up because it wirelessly communicates circumventing the firewall. That'll real far. And you'll be looking for a job.

There is a mentality amongst higher management that I call "Corner Office Syndrome," wherein the higher the authority, the lower the respect for anyone else and the more they feel that rules, no matter how valuable, good, and needed (let alone based on legal requirements) do not apply to them. Add to this the salary that allows these people to buy whatever crap they want, and the rank to force down the pipe "install this on my computer" and you get trouble.

HIPAA makes this even more fun. "No sir, you can't because it's a federal law," although correct, doesn't fly. They look at you and say things like "I don't give a rat's bum about that! I want my Mindspring Treo 330 to connect, get my emails, and let me surf the web!"

And once you get that running, next month they have a new toy and the process starts over again... *sigh*

The problem is lazyness on the sysadmin's part ("patch, darn you!"); management being silly; not enough funding ("you can make it work on $20K less, right?"); and management technophiles bringing in "stuff" to make "work" with the systems in place.

God forbid you ever say "no." Couple that all with the average user not having a clue ("What do you mean, I can't email this 600MB PowerPoint doucument?"--only to learn later they printed it out (in full color, no less) and tried to fax it instead.)

Makes you want to kill for the love of killing, doesn't it?

Welcome to my world. Enjoy your stay.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/139/18035#18035