
Make sure the brakes are working

Calum Macleod | April 6, 2009
Crashing cars and firewall management: a similar chain reaction

With all the doom and gloom of the past few months and billions of whatever currency you like being poured into the economy, I have to report on a ray of hope. I think my son may have hit on the solution completely inadvertently. He's not a renowned economist, just an honest, hardworking car mechanic.

However, having written off the fifth car in the last three years (although, credit where it's due, his fiancée managed it this time), not only is he trying to save the motor industry single-handedly but, at the same time, his insurance premiums have reached a level where he may also be saving the financial sector. Not only that, but out of sympathy, I've had to break open the reserves and help finance number six, which of course means that what money I had left is now circulating.

But what, you may ask, does this have to do with IT? Actually quite a lot, because his latest accident triggered a chain reaction that we're all too familiar with.

Firstly, a lack of risk assessment: according to his fiancée, a woman driver decided to stop on orange, with the result that she plowed into the back of the car. Mind you, had the mechanic bothered to fix his brakes, as everyone was telling him to do, it all might have been avoided. And as is so often the case in IT security, improper risk assessment can have disastrous consequences. Not enforcing information security policies or firewall policies can very often result in failed audits, network breaches, and so on.

Secondly, it had a major business continuity impact. Having no car meant you had to borrow somebody else's. Everybody was affected. A very common problem in many organisations is the impact on day-to-day business of errors made in translating service requests into structured firewall changes, failing to adhere to information security policy, or placing firewall rules where they should not be, bringing everything to a grinding halt.

Thirdly, the failure to deal with the risk created a problem, with the result that the financial impact on the family organisation was significant. I'm not saying the accident would not have happened, but had the brakes been working, what became a write-off might have been no more than a small dent. Bottom line: failure to deal with the risk in order to save money eventually ended up costing a lot more than it should have.

So what should you do?

1. Use automated risk assessment tools: fix the brakes.

One of the key reasons why risk assessment is not done is simply that it is extremely time-consuming if done manually. When I ask companies the question, the responses vary from "we have never done a risk assessment" to "so far we've gotten away with it because the auditors have never asked." Additionally, it is surprising, even among financial institutions, that auditors are not addressing this problem. This is likely because they do not know what to look for. Relying on specialist consultancy companies to do this job can also be a very hit-and-miss affair, because you are at the mercy of a consultant who may or may not have the necessary skills to do this. And in any case, if they haven't got the right tools, the chances are they're no better than anyone else.

 
