You can see why Bear Stearns dropped quickly. Checklists are not the problem with compliance. Implementors of compliance use checklists as a tool. The issue is due diligence, and ensuring as a manager that you are validating requirements using multiple methods. If all they relied on was a checklist - you're toast. Interviewing personnel, process review, policy review, automated scans of systems, individual system reports are how you verify the checklist. Typically, this is time consuming but if mid management and stakeholders don't follow due diligence and just check the box - it results in a greater risk to the business. Overreaching that risk causes situations like Bear Stearns.
Agreed
I would have to agree. Checklists should only be used as a guide to ensure all areas are being looked at. Companies are being forced to react to compliance rather than being given solid guidance on how to best secure their environments. This rush to compliance forces companies to cut corners, hire inexperienced staff, and ignore the true risks.
Companies must address their environment using a risk-based approach that takes into account business and security requirements and take the time to architect solutions the right way the first time rather than focusing on the compliance flavor of the month.
Business processes failed due to dependence on IT
Basic accounting principles are being forgotten as business managers depend on IT to do all the checks and balances. The CISO is worried about IT security, but doesn't dive deep enough into the business processes. Checklists are fine, if the right questions are on the lists. Did B-S fail due to lax accounting? Or lack of integrity? I'd say yes to both.