What happened in the Washington, DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, wants to find out the answer to that question. What we do know is that Vivek Kundra, President Obama's brand-new, first-ever federal CIO, has taken a leave of absence.
Could this very talented leader be in serious trouble? This blogger hopes not. But one lesson is already clear - Web 2.0, Government 2.0, Cloud Computing, or any other techno-savvy change must be built on a foundation of rock-solid professional ethics.
I have no desire to pile on in this blog. There are plenty of others who have written detailed accounts of the implications of last week's very serious events. Betanews is one and Wired Magazine is another. While Wired says Kundra will be fine, Federal Computer Week raises several serious questions about why the CTO wasn't aware of the activities of his CSO. Both of those articles have plenty of related links as well.
True, everyone deserves the presumption of innocence until proven guilty. It may yet be true that the DC government is cleared of any wrongdoing.
Regardless of what happens next in this situation, this incident already provides some great reminders for every security professional out there. The main message is that unethical behavior must be stopped and dealt with or other great achievements will be undermined. Ethical behavior must be a top priority.
No matter how good your staff is at technical tasks, are they trustworthy? I have found that some of the best and brightest are also the most tempted to violate policy. As I describe at length in my book, we all face temptations online. There are steps we can take to protect ourselves, our governments, our businesses, our careers and our families. Most of us run background checks on staff, but that is often not enough. Note: my earliest blogs spend significant time discussing cyber ethics in the office.
We must trust, but verify. No one is above the law. Listen to complaints from people who claim that security staff or systems administrators flaunt their authority or access. Security professionals need to be above reproach - or all the technical controls in the world will not help. Good security involves people, process and technology.
What are your thoughts?





