
Governance and Risk

From regulatory compliance to corporate governance structure, everyone is involved


Did NSF Have Holes in Risk Management Strategy?

Posted by Lora Bentley Oct 15, 2009 7:42:16 AM

Yesterday I ended a post about new GRC technology with a reminder that people are part of the GRC equation as well. Sometimes it doesn't matter what kind of technology is in place. Some employees just have a natural bent toward risky behavior.

 

On the other hand, sometimes it seems even the least sophisticated technology could have helped organizations avoid a lot of things. Take, for instance, the mess the National Science Foundation is cleaning up these days. In September, The Washington Times reported that the number of employee misconduct cases investigated at the National Science Foundation in 2008 increased to six times the number of investigations opened in 2007. Many of those investigations involved NSF employees looking at pornography on government-issued computers during work hours.

 

Washington Times writer Jim McElhatton shared the circumstances of one of the misconduct cases this way:

Another employee... was caught with hundreds of pictures, videos and even PowerPoint slide shows containing pornography. Asked by an investigator whether he had completed any government work on a day when a significant amount was downloaded, the employee responded, "Um, I can't remember," according to records.

Investigative records also revealed that one "senior executive" spent an estimated 331 days looking at inappropriate sites, McElhatton said.

 

Are they kidding? This is the kind of stuff that makes my stomach turn. Yes, NSF representatives quoted in the story do say the foundation has taken the necessary steps to correct the problem, both in terms of technology and in employee training on appropriate behavior. That's good. But I don't understand how the problem became so pervasive in the first place. If some employers don't allow their employees access to Facebook or other social sites because it stymies productivity, it should be a given that Internet filters and blocks are also in place to prevent employee access to illegal and inappropriate sites.

 

And even if they weren't already in place, how did they not go up as soon as the first case was discovered? How did it go unnoticed or ignored for two days, let alone 331? There must have been significant holes in the foundation's risk management strategy. It's a prime example of what not to do.
