http://www.forbes.com/2010/04/20/security-policy-privacy-technology-cio-network-data.html

Commentary
Keeping Data Safe From IT Snoops
Mike Schaffner, 04.21.10, 06:00 AM EDT
How to improve data security and privacy.

*** begin quote ***

If possible, add a formal security role. This job isn’t just about limiting access and changing passwords. It involves looking at all of the processes from the user side as well as within IT. It is important that this role audit compliance and educate users and IT alike about security issues.

*** end quote ***

With all due respect to Forbes and the author, this is indicative of reactive and “after the fact” thinking.

“If possible”?

(Argh!)

Either Information Security, and it’s natural sidekick Business Recovery, are core functions of your infrastructure or they aren’t. If they are, then they are essential components of your Strategic Requirements with resources to accomplish their mission. If not, then this is lipstick on the proverbial pig.

You don’t say: “If possible, we should have a CFO.”!

Customers, Employees, Suppliers, and everyone are quick to pick up the implications of your deeds. Words don’t matter; actions do! Spot one of these “bolt on” “paper over” tactical cover overs and you should be looking for your replacement. Get away before they take you down with them.

What are your requirements? Else your next credit card statement may be delivered to Lagos Nigeria. There’s no substitute for “doing it right”. After the fact can never be right.

# # # # #