Why are heads NOT rolling?

By fcleroux
Am I the only one here that thinks this, but why are heads not rolling?

Many large virus / worm outbreaks in the last several years that have afflicted many large companies have almost ALL been preventable.

The infections have been avoidable either with proper Firewall Protection alone, or proper Anti-Virus Protection alone, or Proper OS Patches and Updates alone. With all three protection systems in place (ALL PROPERLY CONFIGURED AND UPDATED!) these viruses would not have infected most systems.

So, if these infections were all completely preventable, why are IS and IT heads not rolling? Why are these people NOT being fired for incompetence??

If they requested that technologies be in place or implemented but approval from above was refused, then why are the VP or CEO heads not rolling??

Some staff members can make a simple mistake that costs a company a bit of money (like a user not following a policy, infecting their own system with a virus, and they get fired for it). Yet, these preventable virus / worm outbreaks cost some corporations millions of dollars in down time and lost business, yet no one gets fired?

What's up with that??

All Comments

Good question. I don't have a good answer.

by stress junkie In reply to Why are heads NOT rolling ...

It makes you wonder what the heck is going on in the management of these businesses.

Lack of Support from Upper Management.

by jtrainer In reply to Good question. I don't ha ...

In my organization, we have to keep our version of Windows 2000 Server at SP2 and SQL Server 2000 at SP2 because of version compatibility with our ERP. Change the SP and the app no longer works. Upper Management refuses to pay the maintenance fees so that we can upgrade to the latest and greatest. We are vulnerable to attacks because MS doesn't support those earlier SPs with security patches. When asked to update subscriptions to our anti-virus software, the response is "tell them not to use the Internet." I think upper management needs a reality check and needs to realize that to prevent these outbreaks you need to free up some capital.

Lack of Support from Upper Management.

by RLoski In reply to Lack of Support from Uppe ...

Management needs to make sure that their IT personnel have the time to keep up to date on threats and their solutions. We can't be working at 100% fixing problems and have time or energy to research potential threats.

And that means money!

Baloney

by activated In reply to Lack of Support from Uppe ...

You need to be fired for blaming others.

Dilbert Manager

by kblack1a In reply to Baloney

Are you the pointy haired manager on Dilbert? Sounds like management might be a little defensive.

Truth hurts

by bndplus2 In reply to Dilbert Manager

Perhaps that's why he's so defensive.

And you're a manager in IT?

by blarman In reply to Baloney

In today's world of outsourcing, downsizing, and doing more with less, you suggest these aren't valid critiques? You must work in management.

Whose responsibility is it to set goals for IT and monitor progress towards those goals? Hint: Management!

If management's goal is to reduce company exploits to zero, they then would have to take responsibility to devise a strategy for obtaining the goal and allocate resources to do that. Most managers aren't either technically savvy enough to do this, or look at the expense coming off the bottom line and say "It's not worth it."

Management issue? You bet it is.

Bingo!

by bndplus2 In reply to And you're a manager in I ...

Wow. What a well written, concise response.

"In today's world of outsourcing, downsizing, and doing more with less, you suggest these aren't valid critiques? You must work in management."

*claps hands*

*waves arms*

TESTIFY!

How many hours a week do most admins put in? Mine, although slower these days, is still a MINIMUM of 50. Standard is around 60. Vacations range from 10-40 (seriously - last year I got wind of some new vulnerabilities and spent time looking into them and firming up the firewall. Remotely, over a SLOOOOW connection, with my laptop. That was probably close to 40 hours (connection issues accounted for a substantial amount of that, honestly)). My efforts were required because there's nobody else here who can do what I do, and I feel a personal sense of responsibility to maintain my network whenever possible. I feel that effort and attitude are not recognized, appreciated or rewarded, and that's one of the hardest things about my job. People like this guy are typical of this type of thinking and attitude, and make our jobs so unrewarding.

"Whose responsibility is it to set goals for IT and monitor progress towards those goals? Hint: Management!"

Yup. But if there's no management commitment to enabling you to do the work, then it's pointless. Around here, there's a ton of lip service but no backing it up. If there aren't enough hours to do the task, or we can't be allowed the system downtime, then how can we accomplish our tasks? How do we win? We DON'T.

"If management's goal is to reduce company exploits to zero, they then would have to take responsibility to devise a strategy for obtaining the goal and allocate resources to do that."

I define the strategy. I outline it, and they tell me I can do whatever I need to do. They say they will give me the time/resources/skills, but when it comes time to deliver, they change what they told me I'd have (downtime, resources, whatever). My company, for instance, thinks we're a 24X7 business. We KEEP it that way, for the most part, but that's due to very proactive management of the systems and applying defense in depth wherever possible. But when you need to down a system to apply a patch, you're given relatively no time at all to be fully operational again. They WANT 24X7 operation, but aren't willing to invest in the manpower, training or make other resources available that would facilitate that. If it costs money, they don't want to hear it. Since our time is free, they don't care how much of our time we spend. That's the reality. But we can't make the bits and bytes and processes line up properly without a reboot/downtime. They don't understand the intricacies involved, and for the most part they don't care. They're used to pushing sales numbers and other things that are far more easy to quantify. Computers are not absolutes and are not as easy to work with as they think they are to those of us who are technical. There's part luck, part finesse and part educated planning. And those vary. I can't count the number of times I've thoroughly researched a patch and had it **** me out of the water, anyway (ones that modify TCP/IP, for example, get a lot of my attention). Maintaining these systems requires a liberal allowance for downtime, and often we just don't get the time we need.

"Most managers aren't either technically savvy enough to do this, or look at the expense coming off the bottom line and say "It's not worth it.""

Yet the admins are the ones who are looked upon poorly when something happens.

Even with as liberal as I am with multiple layers of defense, we still get whanged by a virus now and then (not on the servers but the clients get hit now and then). It's not that the virus scanners were broken or not updated, or that the system wasn't patched: it was because the virus scanner failed to catch it in any of the 3 previous layers (but, for the record, the desktop scanners DID catch them. This is good but also disturbing in that they should have been caught at the first point, not the last). One of the layers I need to add is a scanner from a different vendor, but that also takes money (hardware, software).

Note I did NOT say "time" as my time is worthless to them....

"Management issue? You bet it is."

You're preaching to the choir, my brother...

Ditto plus

by wroach4 In reply to Bingo!

I work for a state agency. Mention security to non-IT staff or management and they act like you're an overreactive paranoid. Management is no help and I am waiting for the day one of them brings the system down. We have policies in place but no way of enforcing them. Fire management, not IT.

YAFIM - Yet Another #$@%ing Idiot Manager

by nighthawk808 In reply to Baloney

It's nice to see that the Department of Labor's "Executive Placement for Morons Program" worked for you. What's next, Hooked on Phonics?

I guess you don't have to worry about being fired, do you? After all, the Americans with Mental Disabilities Act would preclude that for you.

I've said it before and I'll say it again: the most inane, incoherent, or outright useless posts always come from:

A - a person with manager in the title
and/or
B - a person with the Windows logo in their avatar

This isn't to say that all posts from the above groups are stupid, but almost all stupid posts come from them.
