Lax Association Security
Associations tend to be much less security
conscious than most business. Lacking the bottom line
orientation of most business, associations are prone to not
recognize the value of the assets they have and by not
recognizing these, don't take the steps necessary to protect
them.
Association's pay scales for technology staff tend to be
near the bottom of the industry and thus the quality of the staff
is often inferior to that found in commercial enterprises.
Frequently, the technology staff has come from other departments
such as membership or finance where they have shown themselves
adept at solving computer related problems. While these may be
talented and dedicated individuals, they generally lack any
formal computer training especially regarding computer security.
Staff with this type of background will tend to focus their energies
solely on association specific problems, unaware that there are
generic issues that should be addressed. Further, associations also lag other
industries in providing continuing training to their staffs. When
training is provided, it's likely to be narrowly focused on immediate
needs. Thus both the technology staff and the management over them
tend to be unaware of security issues until after a security incident
costing the association money and or reputation occurs.
Further, most associations tend to work on relatively limited
budgets and technology staff functions in a highly reactive mode
fixing problems as they arise. As long as systems appear to be
working little effort is placed on anything that does not provide
visible functionality. This is especially true of security and
may even go so far as to neglect proper routine backups which are
an essential part of any security plan.
Real security begins at the top. While the
implementation, at least of computer, network and web security
may fall on the technology department staff, without the
support and insistence on security from the organization's
leaders, real security is not likely to be any better than the
sites mentioned previously.
Top of Page -
Site Map
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.
|