mixma242 wrote on Oct 4, 2017, 14:28:

Beamer wrote on Oct 4, 2017, 13:40:

Bumpy wrote on Oct 4, 2017, 13:07:
Guess what Mr. CEO finger pointer, you are in charge and responsible for that 'one' person.

In fairness, a software update is something no one should expect a CEO to pay any attention to. It's mundane and not worth his time.

(Snip)

If your CEO is paying attention to system upgrades, you hired the wrong CEO. He shouldn't have any understanding of that. Those skills don't make for a good CEO.

Look, no one expects a CEO to be technical. But relying on an individual to perform a mission critical task with no oversight is amateur hour and is a failure of due diligence. There should be an entire process where a change is written, there is peer review, change is performed, and there is post change testing.

Yes, the CEO has a responsibility to make sure that is happening. That is part of his job. He doesn't write the process but he must maintain oversight of those to whom he delegates it to.

This isn't a new or obscure idea. I myself have worked from within that framework for over 15 years, three large multinational corporations, and the Department of Defense. There are entire books written about it, as well as international standards. That a large corporation like Equifax would fail at this is shocking. Their business is literally handling personal identification information.

Don't let them off easy. This is not the failure of just some IT dude. Their system failed to catch this.

I said he deserved to be fired.
But this will never change. I know we have a lot of sys admin types here, but that stuff is liter below the ceo level. He can't know every time there's an update. He just can't. His cio must. And if the cio thinks it was applied, there's no way for the ceo to verify this. Unlike things that definitely hit the balance sheet.

So yes, he needed to be fired. But he wasn't in a good position to check up on this, and no ceo ever will. This was a fairly routine it function, and while a CEO bears responsibility for a major breach, they'll never be even remotely involved in routine it maintenance. Much like if the cafeteria isn't hygienic enough and poisons the staff he gets fired but he won't be involved in that part of the business, either.

You're acting as if I said it was the one dude who bore the responsibility. Read what I said about the cio.