Should IT pros and organizations be held to a higher standard regarding professional and business ethics or is enforcement the issue?

Ha-ha-ha, my consulting unit is trying to sell IT Governance software and are treated like we just landed from the moon. I think you hit the nail on the head again. Good thing we have a decent Data Analytics package or we would be starving right now.

SPC Erich Guenther - Good luck with that. I wish I knew what the answer is. I tried for many years. I preached IT governance in a wilderness among corporate canyons. Sadly, I found a few converts but they were quickly devoured by ignorant executives who were more concerned with protecting their turf than the profitable growth of their organizations.

CPT Jack Durish - I'll be the first to admit that I am a little immature for the Senior Executive meetings for precisely that reason. The politics gets me to snicker or smirk sometimes. I try not to do but sometimes unavoidable so I asked not to be included in pre-sales Executive level meetings. So as not to get the really embarrassing "Whats so funny" question. My last one was years ago I went into a meeting with a large trucking company CEO based somewhere. We sat down and asked about his network topology to start and he responded "We got a lot of stuff"......"It's expensive stuff too". I said OK fine can you give me kind of an idea of what your current backbone and topology is? "There is nothing wrong with my back", who told you that? At that point I was biting my tongue and the guy I was with interrupted "Can we talk with your Information Technology guy?". "Yes of course , he will be here in 10 min.........We got a lot of stuff". Anyways that was the last pre-sales Senior Executive meeting I was in, I couldn't take anymore after that one.

SPC Erich Guenther - IT governance is not about systems. It's about how decisions are made and who makes them

Honestly there are things you can do as an individual. If you see data sets with SSN's in them or street addresses, Credit Cards, etc. that are not encrypted you should go ask a Superior about it and see what the deal is. Because all data at rest in a data set should have personal information protected like that so a hacker can't hack into Linux or Unix and grab it. The standard is that if it was your data.....would you want it accessible? Data Security is just a small part of IT Governance but in my experience a lot of DBA's or OS (Linux/Unix) administrators let it pass without saying anything or raising a concern. Another thing you will find and this is hilarious. IT managers will have all their login IDS and Passwords to sensitive systems written down on one piece of paper somewhere..........sometimes right under their keyboards. That's a major IT Security violation but they do it because they are lazy. If you see that you should mention to them casually thats a security violation. Disappointing thing there is some will look at you with a smirk and say shhhhhh. Which is sad but it happens.

SPC Erich Guenther - I've done that while in the military many times and received that exact answer.