Friday, May 30, 2014

Accountability: Have you heard the call from Target yet?

At some point industry across America will face a tipping point: a point at which lying to the U.S. Congress, failing to comprehend risk, and pointing the finger at someone else just isn't going to cut it. Those in the front office will be held accountable at some point. Enter TARGET.

Leadership Failure:
Have you heard the call from Target yet? Perhaps you should. The CEO - gone. The CISO - gone. The Board of Directors - now facing election - could be gone as well. As they should be, for failing the stockholders and trustees through lack of interest and utter malfeasance of office. For bringing incompetence to the forefront, this board and others need to be tossed.

http://www.computerworld.com/s/article/9248631/Advisory_firm_urges_ouster_of_majority_of_Target_board_members_over_breach_

IT Certification - a farce and failure?
The (ISC)2 code of ethics canons state:

1. Protect society, the commonwealth, and the infrastructure
- Promote and preserve public trust and confidence in information systems
- Promote the understanding and acceptance of prudent information security measures
- Preserve and strengthen the integrity of the public infrastructure

2. Act honorably, honestly, justly, responsibly and legally
- Tell the truth; make all stakeholders aware of your actions on a timely basis
- Observe all contracts and agreements, express or implied
- Treat all constituents fairly.  In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order
- Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort.  Take care to be truthful, objective, cautious, and within your competence
- When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service

3. Provide diligent and competent service to principals
- Preserve the value of their systems, applications and information
- Respect their trust and the privileges that they grant you
- Avoid conflicts of interest or the appearance thereof
- Render only those services for which you are fully competent and qualified

4. Advance and protect the profession
- Sponsor for professional advancement those best qualified.  All other things equal, prefer those who are certified and who adhere to these canons
- Avoid professional association with those whose practices or reputation might diminish the profession
- Take care not to injure the reputation of other professionals through malice or indifference
- Maintain your competence; keep your skills and knowledge current.  Give generously of your time and knowledge in training others

Can we honestly believe that (ISC)2 is holding its certified membership to account under its own ethics canons? Is this industry grist mill collecting money and not policing its own people? After ten years of continually failing grades, with breaches from every corner of the world, one has to ask: is the (ISC)2 operation real, and is it accountable?

As industry raced to bring down costs, adopted new Information Technology practices, and sought greater input about its clients, its prospects, and its internal operations, a CISSP or similarly designated security professional has been behind the wheel. Are these people being held accountable?

Securing systems is for certain both an art and a science, and not to be taken lightly. Nor is there a silver bullet or magic wand to wave to make things right. However, CEOs will have to lead; security will have to be touted, adopted, and insisted upon by all top management executives. Audits will have to be conducted to constructively explore where the problems are, and when problems are found they must be aptly addressed. Operations can continue, perhaps a little slower, to give security personnel the opportunity to explain the risk so that management can bring it into full view for the board of directors. The board of directors then has the full responsibility to guide the chief executives and to protect shareholders from weak operations. IT systems are difficult, and solutions are not always forthcoming. But clearly, in the breaches of the past ten years, industry has failed the public over and over again, with no accountability until maybe now.
