I used to be a Certified Public Accountant (CPA) before I learned that
computers and computer security were a better fit. Still, you would think that
earning a college accounting degree, working at a CPA firm, and passing one of
the hardest professional exams in the world would enable me to do my own taxes.
But I'm too scared. The tax code is full of thousands of ever-changing laws.
There are exceptions to every exception. Believe me, when Congress passes a tax
simplification act, CPA firms cheer. That means yet another year when taxes will
be treated differently than all of the prior years.
There are so many tax laws that not even dedicated tax professionals, including
IRS employees, can get it right. Each year around April 15, U.S. newspapers are
loaded with stories of how frontline IRS tax agents could not correctly answer
simple tax questions. Who can blame them? Have you seen the size and complexity
of the tax code? Exactly how many different laws can one person be expected to
know, understand, and enforce with any efficiency?
Many companies have a similar problem with information security. I've consulted
with a number of clients, all with good, intelligent, well-trained security
teams, who are struggling to secure a growing number of security domains, each
with a different set of increasing security requirements.
The challenge was recently epitomized when one of these clients stated, "I've
got 186 different (internal and external) customers with 186 different sets of
security requirements."
I sat back stunned. I could not imagine a more impossible scenario short of
simply increasing the number. Unless you have a dedicated person or team per set
of security requirements, you have no chance of addressing them. It's impossible
to make customized, personalized guarantees on such a scale.