Sending a Dunn-ing Reminder

By Peter Coffee  |  Posted 2006-09-13

Opinion: The ouster of HP's board chair illuminates enterprise infosec issues.

The impending demotion of Hewlett-Packard board chair Patricia Dunn, who'll step down from that post in January (although she'll remain on the board), ought to trigger at least three separate conversations about the roles and mechanisms of information security in the enterprise and in any other organization that handles sensitive data. First, Dunn got in trouble because she didn't know (giving benefit of the doubt) about things that were being done on her behalf. Dunn is not the first senior executive whose fate has turned on the question, "What did she know and when did she know it?"
Many enterprises might be dismayed to realize how hard it would be to answer such questions conclusively. Media traffic such as e-mail and phone conversations, and matters such as who attended which meetings on which dates, have become the raw material of governance: subject to rapidly expanding requirements for disclosure to the public or discovery during litigation. Any forward-looking IT plan should include a top-to-bottom examination of internal information systems, with an eye toward the audit-ready documentation of key decision-making processes and information flows.
This autumn of Dunn's discontent also stems in part from Hewlett-Packard's having too much personal information about directors and other corporate stakeholders. HP is merely typical of this problem: Any company that pays its employees, provides their medical insurance and administers their retirement accounts is going to have a critical mass of personal information that's just waiting for the right trigger to make it blow up in the company's face. Rigorous and granular management of access privileges should be a high-priority goal. Governable enterprise systems cannot afford the luxurious convenience of having a simple hierarchy of administrative powers.
Finally, companies should avoid the kind of embarrassment now being suffered by phone companies that were too easily "pretexted" into disclosing customer calling records. The growing sophistication of supply chain partnerships demands a matching growth of knowledge and care about the protection of data held in trust for third parties. Technical management needs a seat at the head table as these issues are addressed.
Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, and he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
