Friday, May 30, 2008

Crane collapses and Information Security

There was another crane collapse in NYC today, killing one person and critically injuring two others, according to CNN. This brings the death toll to 8 people in the last two months just in New York City due to crane collapses. These events are tragic, and they make the issues that we as Information Security and Privacy professionals face seem minor by comparison. However, there is a connection between us and the people in New York who strive to reduce these types of incidents. Somewhere in the various departments and agencies in NYC that regulate and inspect these cranes, there are probably several people who have made the argument time and time again that they are understaffed or underbudgeted, or that there are not enough controls in place to prevent these types of incidents. Unfortunately, it takes one of these incidents to obtain the increased funding and controls that should have been there in the first place. The same thing happens in InfoSec and Privacy. We all tell management (and anyone else who will listen) things like:

We need to install x to reduce the risk of y
We need to do x to minimize the risk y
We need a review or addition of controls
We need more staff
We need more budget

Unfortunately, it takes an incident like this to produce change and to get enough attention on a topic that something is done. There is one other constant between these subjects. Whether it is a crane collapse or a DNS takeover for a giant cable provider, there will be a fall guy to blame.

Rock On
