Who knows? Who cares?
Lieberman, Founder and CEO
In a recent conversation
staff members we discussed the very different mindsets
and responsibilities of CXO executives compared to the IT departments
that they manage.
In some organizations, the CIO/CSO works on a daily basis with the IT
departments to create a well-oiled efficient and secure enterprise that
gives the organization a competitive advantage and inherent business
advantage. In these relationships, there is a constant two-way
communication channel that selects the appropriate processes,
technologies and projects for the benefit of all. Technical issues and
comparisons flow in both directions, and improvement is a constant end
result of the collaboration between executive management and staff.
On the flip side, we see another scenario where the CIO/CSO doesn't
want to get involved in the day-to-day details of IT operations, in the
global technical decisions that affect all users. In this scenario, all
technical decisions, product selections, and security processes are
selected by IT with no real management oversight. Inevitably these
C-level executives receive failing grades from IT auditors and IT
rarely implements significant improvements in security or operational
capabilities. Technology or lack of funds are blamed for poor results
Unfortunately, the latter scenario is most common. We see CXOs who are
responsible from a corporate and fiduciary point of view for the IT
department, yet lack the technical skills or have no interest in having
a hands-on role in managing IT resources. The IT staff do not have the
power nor resources of the CXO, but do have the technical knowledge to
implement proper solutions. In many cases, IT management fails to
implement proper solutions simply because they don’t care, and/or
because of the lack of corporate or fiduciary accountability (i.e. good
security does not put any extra money in their pockets).
I call this: one cares but does not know, and the other knows, but does
not care. All this results in a stalemate where passwords never change,
there is little to no real security, there is little to no introduction
of new technology, and the company suffers from an apparently
incompetent and uncaring IT department.
Perhaps the problems of IT lie in the deficiencies of management's
unwillingness to engage in an intelligent ongoing dialogue with IT; and
the poor showing of IT is the result of poor leadership at the top.
What do you think? Write me at firstname.lastname@example.org.
Avenue of the Stars
Angeles, CA 90067
Launches / Podcasts
/ Press / Events
Today, November 2009
"User Manager Pro helps organization in all major vertical markets
locate and remove rogue users, groups, and group memberships, change
administrator passwords, discover and remove unauthorized shares,
determine who is in the administrator group, find stale user accounts
and, with Cratering, mediate virus infections - including zero-day
infections that bypass conventional antivirus solutions."
- Dark Reading, November 2009
Awarded Patent For Access Control Technology
Cratering identifies and blocks malicious software from executing on
Reading, November 2009
Thwarting SQL Injection Threats.
New Dark Reading report explores what database
developers and database
administrators can do about the pervasive SQL injection attack.
Tip of the Month
Remote password recovery is one of the conveniences of Enterprise
Random Password Manager. But when this process involves a remote user
reading the password over the phone to someone else, or when an
administrator is trying to determine if, for example, a 1, l, I, or |
is being displayed, misunderstandings and mistakes are often
That’s why we've provided the privileged identity management industry’s
first phonetic spelling option - to help users pronounce a password
character by character.
For instance, the password EAYd|0lc would be written as ECHO ALPHA
YANKEE delta Pipe Zero lima charlie. Or, in the case of the
administrator trying to decipher 1, l, I, or |, those characters would
be shown as one, lima, INDIA, pipe.
For more information and to activate this option, please click here.