Michael R. Farnum

Hitting the Security Nerve

Does position equal power?

TAGS:CTO, Education, Philadelphia, school district
IT TOPICS:Security

I have often complained about the security figurehead, which is the person who holds a high-level security position within a company but who has no effective power to enact security policies. And this article has me wondering if another one has been created.

The story is that the Downingtown West High School (located in the northwest outskirts of Philidelphia) got hacked by a freshman in May of this year, and he stole a file containing more than 41,000 SSN's. The school district brought in Sungard to do some security assessment work, and after almost $45k worth of work the school district received some recommendations. One of those was to create this CTO position that would allow the person filling the role to "focus completely on technology". Uh huh. Right.

First of all, a "C"-level person is typically not able to concentrate on any one thing for very long at all. The nature of that position is political. That person will be attending all kinds of stupid meetings that have nothing to do with what he or she is supposed to be working on.

Second, when you create a position with a "C"-level title, you are typically either creating a person who is solely management and has power (CEO, CFO, etc.), or you are creating a person who APPEARS to be powerful because of title but really has to go to someone else to get authority before they can make a decision of any importance. Guess which one I think this is...

Third, this ISD just finished spending over $40k for security, and that was just the consulting side of the house. Think about what the products are going to cost to fill the gaps. The administrators are going to have puppies when this CTO comes back with the first estimates. Can you say "school bond issue"? Or it may be as simple as "maybe next year, or the next."

I know I am being cynical here. But I really just can't help but being so when I see this kind of thing happen. I have become so jaded over the years that I start out on the "whatever" side until proven otherwise. I hope it proves otherwise for whoever gets this spot.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Child porn webcam allegations in PA school district

Wait, was this an ARMED security guard?

Learning from the education community

What could be simpler?

Today's Top Stories

Essential browser tools for Web developers

Hands on: The new iPad

Microsoft cuts the prices of some Office 365 plans

Google works to overhaul its search

Mozilla will start Firefox silent updates in June

Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?

Hot Posts

Google wins again vs. Oracle: No patent probs.

Posted by IT Blogwatch |

Apple iPhone 5 -- fresh reports claim 4-inch display

Posted by Jonny Evans |

London's flying cameras spy shoelaces nearly a mile away; Will drones in the USA?

Posted by Darlene Storm |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Security White Papers

2011 FFIEC Authentication Guidance: A New Standard For Online Banking Security: This whitepaper provides an overview of the updated Guidance and the threat landscape which helped define it, examines why previous security measures are...
Backup & Recovery for VMware Environments with Avamar 6.0: This paper highlights several new features within EMC Avamar 6.0 that specifically target and advance the capabilities and performance of VMware data protection.
Driving Security in a Hybrid Cloud Environment: This paper examines recent IDG research among IT leaders, who share their concerns and strategies in addressing security in cloud computing environments.

Security Webcasts

Operational Decision Management for Improving Governance, Risk and Compliance: How to rapidly adapt automated decisions to ever changing market and regulatory environments: Date: Monday, September 26, 2011, 11:00 AM EDT

In this webcast you'll learn how your organization can become more responsive to financial market challenges...
Kill the Laptop! Its Corporate Days Are Numbered: "Kill the Laptop" - The evolution of chips, computing power, connection speed, and the cloud is leading to the fall of laptops and...
The Top Ten Secrets to Avoiding SAN Performance Problems: Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

Does position equal power?

Related Posts

Today's Top Stories

Hot Posts

Michael R. Farnum's Archive

IT Topics