Didn't know about World Quality Day, but our company quality has been improved significantly recently after meeting compliance with the ISO 9001 standard. Only problem is that due to very tight security measures it is getting hard to get things done.
due to very tight security measures it is getting hard to get things done
I had to leave my last company because they "securitized" themselves out of business. Productivity fell to nearly zero, and we lost 2 clients in under a year's time - all of this 100% related to being too secure.
Yes people, there is a thing known as being too secure, especially when everything you do has to be held to a standard or protocol, that inhibits profit and effectiveness.
Yeah - not (yet) so deadly, but we have our CISO (Chief Information Security Officer) who's only made things harder.
For example - the company switched to cloud-based mail - which implies a high degree of accessibility, no? Except, soon after implementation, this clown decided to make it unavailable, except by logging in first through the company portal. We may as well have our own mail server if I can only get to it internally. Once I couldn't access it easily, my after-hours viewing of that mail has dropped off to near nil.
Other stuff, too - but if a problem sits unattended? Well - give me access so I can check. Which interestingly sounds a bit like the attitude of the clients you lost.
...or even worse, security training that so negatively impacts timelines that important deadlines are missed. And, here's the punchline, it's training for a methodology that is never actually implemented by the company.
Although any professional should already be familiar with the usual suspects, I suppose companies can direct employees to read one of the countless pages covering the topic. This, in the (likely pointless) hope that they'll finally pay attention. That should require maybe an hour of effort.
Then, more importantly, companies should implement a continuing security review of code and run one of the automated auditing/scanning tools. This prudent expenditure of time/money, on useful quality assurance, usually seems to get de-prioritized.
Instead, companies prefer to spend 10 times as much time/money on training that does little other than provide a certificate they can cite when the inevitable liability case pops up.
Based on the number of folks, here in Q&A, who repeatedly ignore warnings about SQL injection, I maintain that a careful review/audit (not training) is the thing most likely to make an employee pay attention. Or, failing that, at least seek employment at a different company. RANT-OFF
I maintain that a careful review/audit (not training) is the thing most likely to make an employee pay attention.
The saying "that's wrong" once, saying "you idiot, that's wrong again" on the 2nd time and the kick in the ass at the third time.
That is what will get not only that employee but all the others too to really pay attention.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.