Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Morning Safety Dance

View
17 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

17. Re: Morning Safety Dance Oct 5, 2017, 09:30 RedEye9
 
jdreyer wrote on Oct 5, 2017, 02:02:

Oh, no. That CEO took the blame, and he resigned. He also took the $90M severance package.
That's one helluva golden parachute.
 
Avatar 58135
 
https://www.newyorker.com/humor/borowitz-report
Reply Quote Edit Delete Report
 
16. Re: Morning Safety Dance Oct 5, 2017, 06:39 Beamer
 
jdreyer wrote on Oct 5, 2017, 02:02:
Cutter wrote on Oct 4, 2017, 15:30:
Just think, a scant 60 years ago Truman made popular "the buck stops here" as a motto for personal responsibility. And whilst those at the top continue to espouse such sentiments, 'take responsibility, take ownership, etc.' it's all fine and dandy until the very moment it applies to them, and all of a sudden it's Sgt. Schulz from Hogan's Heros, "I know nothing!"

Oh, no. That CEO took the blame, and he resigned. He also took the $90M severance package.

He retired with the package. He most likely will not keep it.
 
-------------
Music for the discerning:
http://www.deathwishinc.com
http://www.hydrahead.com
http://www.painkillerrecords.com
Reply Quote Edit Delete Report
 
15. Re: Morning Safety Dance Oct 5, 2017, 02:02 jdreyer
 
Cutter wrote on Oct 4, 2017, 15:30:
Just think, a scant 60 years ago Truman made popular "the buck stops here" as a motto for personal responsibility. And whilst those at the top continue to espouse such sentiments, 'take responsibility, take ownership, etc.' it's all fine and dandy until the very moment it applies to them, and all of a sudden it's Sgt. Schulz from Hogan's Heros, "I know nothing!"

Oh, no. That CEO took the blame, and he resigned. He also took the $90M severance package.
 
Avatar 22024
 
Stay a while, and listen.
Reply Quote Edit Delete Report
 
14. Re: Morning Safety Dance Oct 4, 2017, 16:48 Beamer
 
mixma242 wrote on Oct 4, 2017, 14:28:
Beamer wrote on Oct 4, 2017, 13:40:
Bumpy wrote on Oct 4, 2017, 13:07:
Guess what Mr. CEO finger pointer, you are in charge and responsible for that 'one' person.

In fairness, a software update is something no one should expect a CEO to pay any attention to. It's mundane and not worth his time.

(Snip)

If your CEO is paying attention to system upgrades, you hired the wrong CEO. He shouldn't have any understanding of that. Those skills don't make for a good CEO.

Look, no one expects a CEO to be technical. But relying on an individual to perform a mission critical task with no oversight is amateur hour and is a failure of due diligence. There should be an entire process where a change is written, there is peer review, change is performed, and there is post change testing.

Yes, the CEO has a responsibility to make sure that is happening. That is part of his job. He doesn't write the process but he must maintain oversight of those to whom he delegates it to.

This isn't a new or obscure idea. I myself have worked from within that framework for over 15 years, three large multinational corporations, and the Department of Defense. There are entire books written about it, as well as international standards. That a large corporation like Equifax would fail at this is shocking. Their business is literally handling personal identification information.

Don't let them off easy. This is not the failure of just some IT dude. Their system failed to catch this.

I said he deserved to be fired.
But this will never change. I know we have a lot of sys admin types here, but that stuff is liter below the ceo level. He can't know every time there's an update. He just can't. His cio must. And if the cio thinks it was applied, there's no way for the ceo to verify this. Unlike things that definitely hit the balance sheet.

So yes, he needed to be fired. But he wasn't in a good position to check up on this, and no ceo ever will. This was a fairly routine it function, and while a CEO bears responsibility for a major breach, they'll never be even remotely involved in routine it maintenance. Much like if the cafeteria isn't hygienic enough and poisons the staff he gets fired but he won't be involved in that part of the business, either.

You're acting as if I said it was the one dude who bore the responsibility. Read what I said about the cio.
 
-------------
Music for the discerning:
http://www.deathwishinc.com
http://www.hydrahead.com
http://www.painkillerrecords.com
Reply Quote Edit Delete Report
 
13. Re: Morning Safety Dance Oct 4, 2017, 15:30 Cutter
 
Just think, a scant 60 years ago Truman made popular "the buck stops here" as a motto for personal responsibility. And whilst those at the top continue to espouse such sentiments, 'take responsibility, take ownership, etc.' it's all fine and dandy until the very moment it applies to them, and all of a sudden it's Sgt. Schulz from Hogan's Heros, "I know nothing!"
 
Avatar 25394
 
You've got to be cruel to be kind...in the right measure.
Reply Quote Edit Delete Report
 
12. Re: Morning Safety Dance Oct 4, 2017, 15:28 Mordecai Walfish
 
eRe4s3r wrote on Oct 4, 2017, 12:44:
How is this company even still legally allowed to operate.... corruption?

The government recently awarded them a 7 million no-bid contract, within the past couple weeks here, so it would appear so.
 
Avatar 56178
 
         
"No, let me clarify - if you don't watch it, I'll be wearing your ass for a shoe."
Reply Quote Edit Delete Report
 
11. Re: Morning Safety Dance Oct 4, 2017, 14:48 Creston
 
I bet it was the same guy who installed all those cheat devices in every Volkswagen/Audi/Porsche diesels, huh? That bastard! Shakefist

Someone please set the former Equifax CEO (and CIO) on fire. Then post video of it.


 
Avatar 15604
 
Reply Quote Edit Delete Report
 
10. Re: Morning Safety Dance Oct 4, 2017, 14:46 Steelcamp
 
Good luck on the test,
- Steelcamp, CISSP since 2010


mixma242 wrote on Oct 4, 2017, 12:45:
At the moment I am studying for the CISSP (Certified Information Systems Security Professional). The CISSP is a high level security cert, and here is a direct quote:

"Security governance is not and should not be treated as an IT issue only. Instead, security affects every aspect of an organization. It is no longer just something the IT staff can handle on their own. Security is a business operations issue. Security is an organizational process, not just something the IT geeks do behind the scenes."

It goes on to emphasize that senior management must be engaged in business security and that they have the ultimate responsibility, not the IT department.

This dude received compensation in the tens of millions, yet apparently didn't understand how a critical part of his company operated. To me this is a clear failure of due care. This CEO should man up and take responsibility. You get paid crazy money for a reason.
 
-------------------------------------------
Where's my BB gun?
Reply Quote Edit Delete Report
 
9. Re: Morning Safety Dance Oct 4, 2017, 14:30 Creston
 
mixma242 wrote on Oct 4, 2017, 12:45:
At the moment I am studying for the CISSP (Certified Information Systems Security Professional). The CISSP is a high level security cert, and here is a direct quote:

"Security governance is not and should not be treated as an IT issue only. Instead, security affects every aspect of an organization. It is no longer just something the IT staff can handle on their own. Security is a business operations issue. Security is an organizational process, not just something the IT geeks do behind the scenes."

It goes on to emphasize that senior management must be engaged in business security and that they have the ultimate responsibility, not the IT department.

Agree 100%. Sadly, this still seems to utterly baffle 99.99% of all corporate users out there.
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
8. Re: Morning Safety Dance Oct 4, 2017, 14:28 mixma242
 
Beamer wrote on Oct 4, 2017, 13:40:
Bumpy wrote on Oct 4, 2017, 13:07:
Guess what Mr. CEO finger pointer, you are in charge and responsible for that 'one' person.

In fairness, a software update is something no one should expect a CEO to pay any attention to. It's mundane and not worth his time.

(Snip)

If your CEO is paying attention to system upgrades, you hired the wrong CEO. He shouldn't have any understanding of that. Those skills don't make for a good CEO.

Look, no one expects a CEO to be technical. But relying on an individual to perform a mission critical task with no oversight is amateur hour and is a failure of due diligence. There should be an entire process where a change is written, there is peer review, change is performed, and there is post change testing.

Yes, the CEO has a responsibility to make sure that is happening. That is part of his job. He doesn't write the process but he must maintain oversight of those to whom he delegates it to.

This isn't a new or obscure idea. I myself have worked from within that framework for over 15 years, three large multinational corporations, and the Department of Defense. There are entire books written about it, as well as international standards. That a large corporation like Equifax would fail at this is shocking. Their business is literally handling personal identification information.

Don't let them off easy. This is not the failure of just some IT dude. Their system failed to catch this.
 
Reply Quote Edit Delete Report
 
7. Re: Morning Safety Dance Oct 4, 2017, 13:40 Beamer
 
Bumpy wrote on Oct 4, 2017, 13:07:
Guess what Mr. CEO finger pointer, you are in charge and responsible for that 'one' person.

In fairness, a software update is something no one should expect a CEO to pay any attention to. It's mundane and not worth his time. But the CTO/CIO needs to, and the CEO is where the buck stops, so he was rightfully fired.

But other than the CIO saying in an executive meeting "we did it," there's no reason to expect a CEO to know more. If your CEO is paying attention to system upgrades, you hired the wrong CEO. He shouldn't have any understanding of that. Those skills don't make for a good CEO.
 
-------------
Music for the discerning:
http://www.deathwishinc.com
http://www.hydrahead.com
http://www.painkillerrecords.com
Reply Quote Edit Delete Report
 
6. Re: Morning Safety Dance Oct 4, 2017, 13:07 Bumpy
 
Guess what Mr. CEO finger pointer, you are in charge and responsible for that 'one' person.  
Reply Quote Edit Delete Report
 
5. Re: Morning Safety Dance Oct 4, 2017, 12:45 mixma242
 
At the moment I am studying for the CISSP (Certified Information Systems Security Professional). The CISSP is a high level security cert, and here is a direct quote:

"Security governance is not and should not be treated as an IT issue only. Instead, security affects every aspect of an organization. It is no longer just something the IT staff can handle on their own. Security is a business operations issue. Security is an organizational process, not just something the IT geeks do behind the scenes."

It goes on to emphasize that senior management must be engaged in business security and that they have the ultimate responsibility, not the IT department.

This dude received compensation in the tens of millions, yet apparently didn't understand how a critical part of his company operated. To me this is a clear failure of due care. This CEO should man up and take responsibility. You get paid crazy money for a reason.
 
Reply Quote Edit Delete Report
 
4. Re: Morning Safety Dance Oct 4, 2017, 12:44 eRe4s3r
 
How is this company even still legally allowed to operate.... corruption?  
Avatar 54727
 
Reply Quote Edit Delete Report
 
3. Re: Morning Safety Dance Oct 4, 2017, 12:12 RedEye9
 

Fall guy found. crisis averted
 
Avatar 58135
 
https://www.newyorker.com/humor/borowitz-report
Reply Quote Edit Delete Report
 
2. Re: Morning Safety Dance Oct 4, 2017, 12:08 Tipsy McStagger
 
Pigeon wrote on Oct 4, 2017, 09:59:
‘As CEO I am responsible for what happens on my watch; out of my thousands of employees I failed to notice THAT GUY! *points to random schmuck eating a sandwich* didn’t do his job. One idiot screwing everything up, you can’t regulate that, or hold me or the company responsible in anyway, there’s absolutely nothing we could have done, so case closed, no need to dig into the company’s security habits or question why we’re allowed to collect so much personal information, cause it was all THAT GUY’S fault.’

Well the sacrificial goat has been offered let's see if the government eats it.

Government- "Good enough for me"
*begins lynching*
 
Avatar 57660
 
Reply Quote Edit Delete Report
 
1. Re: Morning Safety Dance Oct 4, 2017, 09:59 Pigeon
 
‘As CEO I am responsible for what happens on my watch; out of my thousands of employees I failed to notice THAT GUY! *points to random schmuck eating a sandwich* didn’t do his job. One idiot screwing everything up, you can’t regulate that, or hold me or the company responsible in anyway, there’s absolutely nothing we could have done, so case closed, no need to dig into the company’s security habits or question why we’re allowed to collect so much personal information, cause it was all THAT GUY’S fault.’

Well the sacrificial goat has been offered let's see if the government eats it.
 
Reply Quote Edit Delete Report
 
17 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

Blue's News logo