Security's Everyman

Tuesday, August 14, 2007

Shunned by the WSJ

After my letter to the author of the WSJ article "Ten Things Your IT Department Won't Tell You", I was contacted by the author. She thanked me for my comments, told me that she would do a follow-up article, and asked for my input. The topic was to be something along the lines of what the IT department wants users to know. I decided that since I was quick to criticize, I would also give my input on how to be a better user.

After thinking about it, I decided that my advice was to basically ignore the advice given in the original article. I was a little more tactful than that, but that was the essence of it. I pontificated on the virtues of NOT trying to skirt company policy and why it was a bad idea for security reasons and such. Well, today she published her new article and, lo and behold, my advice was NOT included. Why? Is it because she had better advice from others? Possible. Is it because it didn't fit with the nature of the article? Possibly. Is it because I told everyone to ignore her first article? Hmmmm.

Of course I probably will never really know why and it's very possible that it has nothing to do with that, but I will always wonder.

4 comments:

Alex said...

Andy,

I wouldn't take it personally :)

Rob said...

Hi Andy, you'll see that I was quoted, but what I submitted to her, 3 pages of advice which can be found on my blog, was not included either, just a pretty pathetic piece of advice about shortcuts.
You're right to say she's just used what suits her. I would say it's a waste of time, but I got a few good posts out of it and it's brought us all closer together!
By the way, I also submitted a piece originally saying "do everything the opposite of what you said before" and she came back with "I don't want to rehash an old story". Convenient.
It's almost as if she's been told to write the article to get people off her case, but didn't really want to apologise...

Rob Lewis said...

Andy (and Rob);

I just wanted to point out that what the original article did demonstrate was the need for a kernel level policy enforcer (such as Trustifier of course) to prevent end runs around security policy by IT personnel, or any authorized user.

Allen Baranov, CISSP said...

Hi Andy,

Since I didn't actually post her a mail I'm sure the WSJ writer didn't even know about my WSJ rant but even so I think she would have ignored it.

I started writing a comment but it got a bit long so I made a blog post rather. It is here but it really says that the WSJ got it wrong again.

Security Policies are not made by IT, they are made by Information Security and signed off by Management. Break them and the Boss will be angry.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.