Issue link: https://securitytechnologyexecutive.epubxp.com/i/229956
COOL AS McCUMBER By John McCumber It's Time to Check the Box, Know Your Role Next time look before you check U sually, the fall weather in and around Washington, DC is the best time of year. Yesterday's fall weather, however, was that first cold slap of reality announcing winter is on the way. Like many days in my job, this one was starting with a meeting over breakfast in the suburbs. I left my condo and ran face first into a strong, gusty wind, overcast skies, slashing rain, and a raw thirty-eight degrees. I turned right around and went back inside to grab a scarf and a pair of gloves to augment my overcoat. Fortunately for me, my colleague had recommended a popular spot that had a large, free parking lot adjoining the café. As I pulled into the parking area, I heard that always-annoying fall refrain of a gas-powered leaf blower. The operator was wearing a winter coat with a rain-proof slicker pulled over it, and had a mask to protect his mouth and nose from the swirling veil of leaves, dirt, and debris he was kicking up with the infernal noise-maker. As I watched, his clouds of detritus would move away from the building only to be picked up by the gusting winds and deposited directly behind him, with a large quantity of grime attaching to rain drops and making the siding and windows a dirty mess. As I shed my coat and scarf, I pointed the leaf blower out to my breakfast companion. He laughed and said one word, "Checklist." It took me a moment to realize the wisdom and insight in that singular word. That was it. The maintenance company had a requirement to blow leaves and debris, and this guy was completing that checklist item so he would be paid. Check and done. It didn't matter that the result was the opposite of the intended goal of a clean area around the building. The building owner should have paid him to NOT use the blower. For security practitioners, the checklist can become a way of life. Everything from a daily building security check to a complex security review of an industrial control system is usually centered on a checklist. The National Institute of Standards and Technology (NIST) has produced dozens of checklists for information security practitioners and the result of a recent executive order to develop a cyber-security "framework" for critical infrastructure is fast on its way to becoming the next security checklist. The checklist is a valuable tool for all of us, but ultimately, we need to insure we know both when and why we must deviate from it. Leaf blower guy was checking the box – and making a dirty mess in the process. ❚ John McCumber is author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. Email him at CoolasMcCumber@cygnuspubb2b.com. 42 SECURITY TECHNOLOGY EXECUTIVE • November/December 2013 Published by Cygnus Business Media, Inc. www.SecurityInfoWatch.com EDITORIAL Group Publisher ...................................................Nancy Levenson-Brokamp 800.547.7377 ext. 2702 • nancy.brokamp@cygnus.com Editorial Director/Editor-in-Chief ............................................... Steve Lasky 800.547.7377 ext. 2221 • steve.lasky@cygnus.com Contributing Technical Editors David G. Aggleton, CPP Kevin Beaver, CISSP Ray Bernard, PSP, CHS-III Ray Coulombe Robert Lang, CPP John R. McCumber Robert Pearson, CPP Ronald Worman Editorial Advisory Board Christopher B. Berry, CPP, VP Global Security & Safety, Henry Schein Inc. George Campbell, Emeritus Faculty Advisor, Security Executive Council Eric W. Cowperthwaite, CSO, Providence Health & Services Elizabeth Lancaster Carver, Member Svcs. and Projects Mgr., Security Executive Council Richard L. Duncan, CPP, Dir. Security, Hartsfield-Jackson Atlanta Int'l Airport John B. Leavey, Director of Corporate Security, AIG Karl Perman, Director of Security, North American Transmission Forum Art Director.......................................................................Elizabeth C. Barbieri Production Manager ............................................................. Jane Pothlanski 631-963-6296 • jane.pothlanski@cygnus.com Audience Development Manager........................................... Wendy Chady SUBSCRIPTIONS CUSTOMER SERVICE Toll-Free (877) 382-9187; Local (847) 559-7598 Email: Circ.SecTechExec@omeda.com SALES CONTACTS Midwest Sales Ryan Olson 800.547.7377 ext. 2719 ryan.olson@cygnus.com East Coast Sales John Lacasale 800.547.7377 ext. 6288 john.lacasale@cygnus.com West Coast Sales Bobbie Ferraro 310.545.1811 bobbie.ferraro@cygnus.com Display Sales Erica Finger 800.547.7377 ext. 1324 erica.finger@cygnus.com LIST RENTAL Elizabeth Jackson 847-492-1350 x18 • ejackson@meritdirect.com CYGNUS REPRINT SERVICES To purchase article reprints please contact Nick Iademarco at Wright's Media 1-877-652-5295 x102 or e-mail niademarco@wrightsmedia.com SECURITYINFOWATCH.COM Group Publisher ......................................Nancy Levenson-Brokamp 800.547.7377 ext. 2702 • nancy.brokamp@cygnus.com Managing Editor ............................................................... Joel Griffin 800.547.7377 ext. 2228 • joel.griffin@cygnus.com CYGNUS BUSINESS MEDIA CEO, John French CFO, Paul Bonaiuto EVP Public Safety & Security, Scott Bieda VP Events- Public Safety & Security, Ed Nichols VP Production Operations, Curt Pordes VP Audience Development, Julie Nachtigal VP Technology, Eric Kammerzelt VP Human Resources, Ed Wood www.SecurityInfoWatch.com