The news story linked above talks about the UK Government losing 25 million records containing names, addresses, national insurance numbers and bank details.
Apparently the data was password protected but not encrypted, Now depending on the application used there may be some encryption there. I'm hoping that the data is an encrypted database that also has a password on it which is where the confusion is coming from but why do I have a feeling that it's just a CSV file?
The thing is, this is NOT NEWS. It's happened before, there have been reviews and procedures created yet it KEEPS happening. It happens in pretty much all companies and yet no one seems to care.
I, for the life of me, cannot work out why security is second fiddle. With word terrorism, bank fraud, phishing and everything else why am I and other members of the IT security industry still fighting an uphill battle? What is it going to take to get security onto the agenda?
Tuesday, November 20, 2007
Thursday, November 01, 2007
The state of IT
I came across the above article earlier today and I know that examples of the above problems are not just endemic to development process but instead seem to be buried deep into the very psyche of the majority of IT projects today.
I honestly would not been surprised to see Matt Allwright of BBC's Rogue Traders pop up at some of the meetings and accused the attendees of doing a shabby job and, of course, they would be right.
The classic in the above linked article is the very last email complaining that 'I'd love to write a dev env setup guide, but I just don't have the time!'. Hang, Didn't that email exchange basically list most of the steps needed? If there is time for the email exchange and time to waste someones time in scrabbling around for this information then the setup guide could have been written ages ago!!
We, as IT professionals are constantly subjected to these shabby practices and yet we don't accept them from other professionals so why should we in our own industry?
I honestly would not been surprised to see Matt Allwright of BBC's Rogue Traders pop up at some of the meetings and accused the attendees of doing a shabby job and, of course, they would be right.
The classic in the above linked article is the very last email complaining that 'I'd love to write a dev env setup guide, but I just don't have the time!'. Hang, Didn't that email exchange basically list most of the steps needed? If there is time for the email exchange and time to waste someones time in scrabbling around for this information then the setup guide could have been written ages ago!!
We, as IT professionals are constantly subjected to these shabby practices and yet we don't accept them from other professionals so why should we in our own industry?
Subscribe to:
Posts (Atom)