computerwoche.de

Archiv

Ignoring arrogance hurts corporate security

17.01.2007
At first glance, the Duke University lacrosse scandal might not have much to do with enterprise security. The fact is, though, that it is indicative of the root causes of most organizational security issues.

In summary, a group of Duke lacrosse players with a reputation for alcohol and other university policy violations held a party. A stripper was paid to work at the party and accused three of the players with rape and other crimes. An uproar resulted, and the lacrosse coach resigned and the players involved were suspended. Since that time, a wide variety of exculpatory evidence has been produced that calls the accuser's entire story into question and raises concerns over gross prosecutorial misconduct.

From my perspective, the players' misconduct was long overlooked by university officials and their coach, who essentially reinforced the misconduct. Duke's blind eye to their behavior is a contributory factor to the incident and the reaction. Even if the players are innocent of the crimes, Duke is likewise guilty of allowing the situation to degrade to the point where people even believed that the charges were plausible. The coach deserved to be fired for the long-term misbehavior of the players, even if the rape accusations were never made. But none of this justifies false charges against the players, prosecutorial misconduct or the public outrage over the incident.

Bad behavior and corporate security

In all organizations, the greatest security problems occur when questionable behavior is ignored or when people are allowed to behave arrogantly. At Hewlett-Packard Co., the recent boardroom leaks scandal resulted from management running amok at all levels. First, there was the board member who was leaking information, despite signing confidentiality agreements. Then there were several other HP corporate executives who conducted a wide variety of activities that were egregiously unethical, if not blatantly criminal. Ironically, those involved in these unethical activities included HP's chief ethics officer, who faces charges of fraud, wrongful use of computer data and conspiracy.

Rarely do security-related incidents and criminal behaviors come out of the blue. Even when we discuss national security incidents, you tend to find that even the most damaging espionage cases involved people who were widely known to have questionable characters. According to information available at the time, convicted spies Aldrich Ames, Jonathan Pollard and Robert Hanssen were all known to have questionable personalities and to have committed minor infractions. They all were overlooked until it was discovered that their actions were worse than anyone thought and had caused tremendous damage to national security.