So many risks, so little time How much risk can your IT department tolerate? There’s always going to be a certain amount of it. The trick is working out where to put it so that it causes the least damage. And to do that, you need to understand how risk fits into the broader world outside the IT department. There are various types of risk facing a company, …
You need lots and lots of clerks making up rulez, with more PHBs making up procedures based on misreading libraries of good practice so nothing ever happens without great effort and extreme persistence. Sometimes it might by the right thing.
Never ask your IT staff anything. Keep them untrained and stymied by processes at all costs. (literally) Create lots of little empires and ensure the tech staff are siloed into them so they can't get an overall view of the business requirements to make informed assessments.
Bonuses all round the executive suite for keeping costs down. The outcome is that whatever bad happens is never managements fault, so all good. Easy to sack some wannabee BOFH. If it is a real stuff up,even better, not PHBs fault. Look at the rules put in place so sack the IT staffer. And no, I do not refer to this mornings little incident. Humans do make mistakes. One has to live with it.
"may in turn trigger a governance and compliance risk." How do you "trigger" something that's an intrinsic attribute of an object or process? "Incident" may be what is meant here. The word "risk" is so widely misused in the IT community I'm surprised it still means anything at all.
Overcomplexity is often at the root of IT security issues. As systems become more complex, a point is reached where it would be very hard to determine IF a security hole exists, or not.
This issue affects the small business sector more than others, where maximally-complex installations are often deployed to meet very simple requirements, and yet the IT resources to manage the security of such installations simply do not exist, or are too costly.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
