Incident Response, TDR

The other integrity is at risk, as well

Back on July 30, the Wall Street Journal published an article entitled, “Ten Things Your IT Department Won't Tell You.” From getting around web filters to downloading unauthorized software, tips were provided. Thousands of blogs immediately lit up across the country both to support and denounce the article. Some called it nothing new and just a repeat of the lists already available via hacker newsletters and Google searches. Others responded with their defense of the 10 reasons why IT staff don't tell you these things, or with their own lists of dangers involved in disclosing this information.

My major concern is their disregard for “the other integrity.” Coming from one of America's most respected publications, this list legitimizes inappropriate conduct. The WSJ represented corporate best-practice security policies as “10 problems” that require end-users to apply “tricks” to get around. Despite the fact that employees sign acceptable use policies that forbid these actions, the WSJ suggests these tips can be used with minimal risk.

I believe this article has the net effect of encouraging behaviors which could get employees fired, cause a security breach or result in lost reputations and/or dollars. Their “security experts” provide details that could, if followed, compromise the integrity of an individual, a corporation or a government organization. IT professionals already struggle to combat cultural bias against safe computing and good security practices. Are they suggesting that the end justifies the means?

The sad part is that well-intentioned readers are deceived. I have seen these suggested actions lead to numerous personal disasters. Like buying a radar detector to speed on highways, this article demonstrates the opposite of open and transparent surfing while at work. If this advice is followed, corporate protections for sensitive information, legal compliance and ethical training would all be undermined.

This piece should instill fear regarding our future security effectiveness, especially if we lose the hearts and minds of the masses. Is this a one-off or the harbinger of things to come? Will the good guys turn away from us?

My main message in response to readers of this article is simple: your integrity is at risk — the other integrity.
Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.

Dan’s award-winning blog:
CSO Magazine articles:

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.