Watching the Supreme Court confirmation hearings made me think about:
ACCOUNTABILITY. One of the problems faced by security directors in both IT and corporate security is that they are alone on the island. No one else wants to worry or think about security.
This may be a major underlying cause of why security problems are not easily solved, just by adding new technology. People still find ways to either ignore controls, or use them incorrectly.
One of the main benefits of a Distributed Risk Assessment is that it touches different people in the organization and increases their awareness – AND Accountability. The accountability element comes in because the risk assessment analyst can track each individuals answers so you can see a simple profile for each one, and see that they are either:
Complying MORE than others in the organization
Complying SIGNIFANTLY LESS than others in the organization
Are so clueless that they don’t know whether they are compliant or not.
Don’t think the security questions apply to them.
With this kind of detail, you can also COMPARE individuals, compare business units, compare departments and this kind of detail also encourages accountability in the business unit manager.
Accountability could be the basis for fixing everything that is wrong in society, as well as in the security program.
Think about the impact if everyone took responsibility for their OWN health. It would change the world. What about if everyone took responsibility for their neighborhood’s safety and security? What if parents took responsibility for how their children performed in school?
Obviously – adding the element of Accountability into the security program could be very motivating.
Accountability is the exact opposite of passing the buck to someone else. And while accountability can be a daunting prospect (when you think about applying it in YOUR organization) — it is also empowering. It gives individuals control over their security and takes them from a passive to an active state.
And I hope everyone would prefer being in an active state!!