Tuesday, April 20, 2010

From the life of a CISO...

Two things you never want to hear (especially on the same day):



* From an IT director to the CISO: "There is no need to involve your group in the project yet-- we have not even decided on the product!"



* (overheard) Admin: "Do you think we should tell the security officer about this?" Manager: "no, he did not get in."



Now, I could do a full writeup about how important it is to include information security officers from before the planning stage of every project, and how even the slightest sign of unusual behavior should be brought to the attention of a security person, but I will not do that. These two quotes should speak for themselves.



No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.