Firewall Wizards mailing list archives

Re: iso 17799

From: George Capehart <capegeo () opengroup org>
Date: Wed, 21 Jul 2004 19:11:44 -0400

On Wednesday 21 July 2004 17:57, MHawkins () TULLIB COM allegedly wrote:

"It's only the big companies that are so pervasively populated with
stupid middle managers and C-level execs that they can afford to buy
$100,000 doo-dads."

OUCH! Don't hold back!


Well, since Paul let this through, I'm assuming he's willing to 
entertain some replies . . .  :)

I think there are several comments that can be made:

1.  Yes, it's probably fair to say that larger companies have larger 
budgets, and, therefore, are more willing/able to plonk down $100K for 
a doo-dad.

2.  There are companies of all sizes that are pervasively populated with 
stupid middle managers and C-level execs.  We're probably lucky that 
some of them are willing to spend the money on the doo-dads.  Some 
can't/won't/don't even see the necessity of having anything like a 
doo-dad, much less "Doing it Right (TM)."  In my experience, some of 
the smallest companies are the worst ostriches.

3.  Not all companies of a given size demographic are equally "clueful."  
It starts at the top.  If the Board and the CEO care and actively 
manage and enforce discipline, there is a much higher "level of clue" 
throughout the organization.  If the CEO is a cowboy or clueless and 
the Board is a bunch of hand-picked yes-men, guess what . . .  At the 
other end of the spectrum, if the sole proprietor of a small business 
is actively engaged in day-to-day operations and actively manages 
his/her risks, that business has no need of the $100K doo-dad . . .

I've had the great pleasure of working or consulting in what I would 
consider pretty well clued very large businesses and very small 
businesses.  I've also had the incredibly traumatic experience of 
working in very large and very small businesses run by cowboys, and in 
which the general operating modus was "shoot from the hip, clean up the 
mess later."  The one advantage that the larger organizations had was 
that, through the law of large numbers, there were enough individuals 
who truly cared and *were* clued, that some things got done in spite of 
management . . .

So, I guess my conclusion would be, thank goodness for organizations 
that are clueless enough to be willing to spend money on the $100K 
doo-dads . . . They're better than nothing . . .  :)

Cheers,

/g

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: iso 17799, (continued)
- - - Re: iso 17799 Paul D. Robertson (Jul 26)
    - Message not available
    - Re: iso 17799 Frederick M Avolio (Jul 21)
    - Re: iso 17799 Dana Nowell (Jul 21)
    - Message not available
    - Re: iso 17799 Frederick M Avolio (Jul 22)
    - Re: iso 17799 Dana Nowell (Jul 23)
    - Re: iso 17799 ArkanoiD (Jul 26)
    - Re: iso 17799 mlh (Jul 27)
    - Re: iso 17799 Marcus J. Ranum (Jul 27)
    - Re: iso 17799 Dana Nowell (Jul 28)
- RE: iso 17799 MHawkins (Jul 21)
  - Re: iso 17799 George Capehart (Jul 21)
- Re: iso 17799 J. Oquendo (Jul 21)
  - Re: iso 17799 Julian Gomez (Jul 23)
    - Re: iso 17799 Victor Williams (Jul 25)