Security's Everyman

Thursday, August 02, 2007

An Open Letter to the WSJ

This is an email that I sent to the WSJ writer and her editors regarding the article "Ten Things Your IT Department Won't Tell You."

You can also read some more good thoughts on this article here, here, and here.
__________________________________________________________________
Ms. Vara,

Isn't it good to live in a country where you have the freedom to be an irresponsible reporter? You don't have to live with the consequences of your own actions here. You can just speak your mind, reveal your little secrets and move on to your next assignment. Maybe your next article can tell people how they can steal confidential company data. Oh wait, you did that in this article.

As a security professional, my days are filled with trying to protect the assets of my company. I strive to educate my users to practice safe security and not do things that will put the network or the company at risk. Your article has just thrown lots of work out the window. I realize that you have a "The Risk" section for each trick, but that doesn't diminish the fact that you are telling people how to break the rules, policies and procedures that are in place for security. This will put the company at risk and the offending person's job at risk. Not to mention the fact that people will use the work-arounds that you suggest even if they know better because now they know how.

Your attempt to justify your position by calling in hacking and security pros does little to nullify the bad advice that you are giving to people. It's NEVER a good idea to encourage people to do things that they are not supposed to do. Just because either you or anyone thinks that Security is being too strict or that it's just easier to do it at work does not justify such actions. Your attempt to say that if you take work home then you should be able to take home to work is also a very weak argument. If you take work home it should only be because you have a legitimate business need and it has been approved by Management and Security. Not to mention that your home network and PC should also be checked and approved before use. Carelessness such as this only leads to problems.

Sincerely,

Andy Willingham
http://andyitguy.blogspot.com
http://www.linkedin.com/in/andyitguy

4 comments:

Kai Roer said...

Hi Andy, we are on the same page here! Thanks!

Andy, ITGuy said...

Whew! I was beginning to think that we were just destined to butt heads on most everything. :)

Michael said...

No big surprise here -- the New York Times and the Washington Post have been releasing secret details on the war on terror and on our troop movements for years. In the early 1940s this would have been called treason; today the wimps call it freedom of the press.

-Michael McCullough

Andy, ITGuy said...

Michael, I agree with you. We have gotten too soft on such things. And they wonder why we continue to have casualties over there and then whine about it.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.