Monday, February 14, 2011

Beautiful Security Chapter 12, Here Come the Infosecurity Lawyers!

Compliance Issues

I submit that part of the lack of desire to be totally compliant is the attitude about compliance throughout an organization. In a government-contracts-based organization, lack of compliance can mean at minimum a fine, and potentially loss of a job.

An example of compliance/non-compliance: There are people who continue to drink and drive after one or more DUIs, and students who refuse to study, cheating on an exam. Apparently, the consequences have no weight in their decisions. I agree with other comments made in my peers' discussion for EM 835, that a better understanding of the consequences to the person, the organization, and others affected is needed. It all begins with personal responsibility. My examples of DUI suggest a need for better understanding of the consequences of actions and inaction.

Perhaps my favorite comment, made in one of Stephen Covey's books about habits and leadership principles: 'we would not need any laws, if everyone obeyed the laws!'

Laws are for protecting. Punishment sometimes is too little, too late! From my psychology classes, a punishment tends to minimize a behavior. Punishment alone does not necessarily eliminate the bad habit. Perhaps cognitively accepting responsibility for an action and the determination 'to never perform' that bad habit again has a stronger chance at elimination.

Unless security is an integral part of a system, at least minimizing security intrusions and lack of compliance, breaches may be nearly impossible! Culture has some influence. Rewarding and glorifying bad behavior can influence some in the wrong ways.
