Separation of Duties is not the answer to the problem; it is only the corrective part. Where is the preventive part?

What separation of duties does is pin responsibility on one person in the chain of command who can be held responsible for a failure. But that is only the corrective part of the problem. What about the preventive part? For the preventive part, there should be one person in the security team who can work across technology, from the OS layer to the network layer to the application layer, and who, at the data-mining level, can do statistical analysis of logs, including huge logs on Hadoop clusters of servers, and create BI reports to estimate the expected damage. This does not mean one person has to do everything; it only means he can take control of the situation. He is the director of the symphony.

This person should also analyse most incident logs, so that judgements are based on gathered data and analytics on that data becomes possible. As technology changes, requirement-gathering techniques are also at fault for not being able to identify gaps. Gaps exist and arise at each step of the SDLC; they can be identified using Six Sigma methodology and tested using techniques such as hypothesis testing. There is the integration architect, who can integrate any two different systems or technologies or create a road map for doing so. But some people need to understand all that the technology can offer in order to see and explain the big picture. It is like the problem of the blind men and the elephant: one blind person (a specialist in one skill) holds the elephant's tail (the part of the problem that falls in their domain) and assumes the tail is the whole elephant, while another, holding the ear, says the ear is the elephant. A person who sees the whole picture, with hands-on experience in development, networking, storage, data warehousing, business intelligence, ERP, EAI and languages like Java, can say what the elephant really is (that is, what the problem is), how to solve it, and what to fix where.

A person with a high-level overview but no experience cannot make a judgement, because his hands are not dirty with the other skill sets, which are outside his range and on which he has never worked. He has theoretical knowledge but has not got his hands dirty implementing the technology, and hence cannot contribute even in discussions of a cross-functional team. Usually enterprise architects are expected to work from the first phase of a project to the last, and to provide an interface between different technology specializations for developers, and between the general functional requirements of users, the domain requirements of functional specialists, and implementation detail as well as project management. What should we normally call this role? We should call them Business Architect Managers, as this role cuts across all three areas of Business Analyst and Technical Architect (in some companies both roles are combined and called Business Architect), but here we add domain, user expectations and project management. Business Architect Managers can work across these teams, funnel the requirements, and also go deep into the domain. Such people will be in huge demand in future.

Securing a company requires Management by Walking Around, and not securing routers

The human side of managing people: treat them not as a compliant asset, or as an asset the way some software services companies do, but as partners and associates. Treat your employees as humans.
The most forgotten management skill in India is Management by Walking Around (MBWA). MBWA helps a company reduce insider threat greatly. Is there a system to measure how effective MBWA is in an organisation?

Case study: how Apple treats its employees. Each employee, with his skill set and his life, builds up the company; it is not the technology, it is the human side. Technology is just as important and should never be ignored. Just as there are weak links in technology, there are weak links in management, which should be plugged. There should be more analytical tools to measure MBWA. Check on the employee's health and, possibly, his family issues.