This weeks assignment involved reviewing recommendations for issues identified in the Verizon Data Breach Investigations report.
So, I find things like this interesting because when you have an issue that is identified in the company, how do you evaluate when/how to fix it?
For example, in this report, a lot of problems were identified. However, in order to fix most of them would require process changes and financial expenses. So, the system is broke - do we fix it?
Well, that depends... What's at stake? Are lives on the line? Possibly. Are customer accounts vulnerable? Maybe. Will we lose business? Perhaps.
Better question - Can we be a company with integrity if we do not fix known issues to avoid possible breaches? No.
I know ethics is covered later in the book but here's my take - companies will often do detailed analysis on issues and find all kinds of gaps. The problem that follows is their willingness to resolve and correct these deficits because of cost. However, in order to maintain some level of integrity, any reasonable business owner must fix issues, no matter the cost because we have an obligation to do so.
No comments:
Post a Comment