referenced in a Slashdot book review:

[I]f you have responsibility for security but have no authority to set
rules or punish violators, your own role in the organization is to take
the blame when something big goes wrong.

This is not just a security principle.  It’s equally applicable to other fields.  The corollary given in the review?

Any security group or security manager placed in such a situation should likely start working on their resume.

An interesting point.
