Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Culture of Accountability

from [Andrew Shore] Network Security [Permanent Link]
Subject: RE: Culture of Accountability
Date: Mon, 3 Apr 2006 13:42:10 +0100 
The issue of accountability equates to blame, the problem then is that
when something goes wrong some one is left to carry the can. This leads
to a culture of people covering up to dodge the blame, this in turn
means that when a security failure occurs it is very difficult to find
out what went wrong and how to stop it again.

 

This is the theory used by the aviation industry.

 

It's better to find out what went wrong than it is to point the finger,
that way we all learn from the mistakes.

 

That's not to say that the buck has to stop somewhere but in my
experience the buck will stop at the guy who is so far removed from the
"hands on and dirty" part of the job that he really can't be "blamed" ie
the VP for IT security can't check that every firewall rule is valid.

 

But yes, this should get an interesting thread going :-)

 

Just my 2c

 

Andy  

 

________________________________

From: Brad Bemis [mailto:bradleyb@bradleyb.net] 
Sent: 02 April 2006 21:19
To: security-management@securityfocus.com
Subject: Culture of Accountability

 

Security is a function of a strong control environment - and
accountability is one of its central themes.  I am interested to hear
how some of you have approached the issue of accountability in your own
organizations...  More from a practical implementation-oriented
standpoint and less on theories about how accountability SHOULD work...


 

Should be an interesting topic...

 

Brad Bemis, CISSP, CISA

Information Security Professional
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Reports for Exec Management, Crayola
Next by Date:  RE: Culture of Accountability, kathy . kirk
Previous by Thread:  Culture of Accountability, Brad Bemis
Next by Thread:  RE: Culture of Accountability, kathy . kirk
Indexes:  [Date] [Thread] [Top] [All Lists]