The Stick - sliding backwards
Last week I spoke with a VP of security at one of the world's top 15 largest banks. We were discussing consequences. I happened to have the tape recorder running. Here is what he said.
"You have to make people responsible for getting things done, and accountable if they are not."
"You can have a great change control system, configuration management, control every aspect of the environment -- but if people don't follow the process and you are not going to do anything about it, you are not going to make alot of progress."
"As an example, at another company I worked for, we had an end of year production freeze with no changes. Yet four changes were detected to the production system. What happened to the people who made the changes? Nothing. What happend to their bosses? Nothing."
"Whatever progress you make with those great processes is going to be absored and you are going to end up back where you started."
"If you are not going to do anything about it [people who don't follow the process] you might as well just ignore it."
Wise words indeed!