Welcome to the SecAware blog

I spy with my beady eye ...

4 Jan 2009

Is hacking a governance failure?

The president of a company that develops software for oil and gas exploration was sentenced to 12 months' supervised probation and fined $2,500 for hacking a competitor using an airport's wireless network connection, according to eWeek. The company is also facing charges that it sold restricted software products to Cuba, which, if proven, potentially implies a wider governance failure rather than simply a rogue employee, albeit a very senior one.

Governance concerns are also raised by the alleged hacking of the World Bank's systems by an IT outsourcing supplier, although the supplier denies the accusations. The supplier's website proudly announces that it won "the coveted Golden Peacock Global Award for Excellence in Corporate Governance for 2008" [an award that I personally hadn't heard of, but what do I know?], so it is possible that, if true, the hacker was a lone Black Hat that the company's award-winning governance processes failed to identify and/or stop.


  1. Depends, right?

    Governance is only the measurement (and enforcement?) of corporate ethics. You could then have great governance of crappy ethics....

  2. Hi Alex.

    I feel governance is more than just measurement/enforcement of corporate ethics: at a practical level, it's also about management putting in place the reporting structures, processes, policies etc. in order to (a) better control what the organization's employees are doing, and (b) keep themselves well informed about what's actually going on. But I agree that crappy ethics would undermine or skew the governance activities, especially if the crap goes right to the top.