Déjà vu

Source of image blog.lib.umn.edu


With the recent release of reports on Government IT security and Novapay, some of us who have worked in the Public Sector will be experiencing déjà vu.

Hindsight is wonderful, you may say… but we could have written the Novapay report from prior “lessons learned” with regard to INSIS and the former Teachers Pay system implementation. For goodness' sake, INSIS is a case study (one of many) in what NOT to do.

Ditto with IT Security. When I was CIO at what was then the Ministry of Fisheries, we took IT security extraordinarily seriously. The Executive Team at the time approved the employment of a full-time Security Officer. When I was at SSC as Project Owner of the initial Authentication project (now morphing into Real Me), a great deal of time and money was spent on a Privacy Impact Assessment.

What I think happens is: people turn over, priorities change, budgets dry up, new Executives make changes, and before you know it the institutional knowledge of how to do IT Security audits and Privacy Impact Assessments is lost.

Some of the wisest words given to me many years ago were “don’t rely on security through obscurity”… just because I cannot see how people can infiltrate systems doesn’t mean it cannot happen.

 
