Update from ITPNZ
Here's a quick weekly update from ITP CEO Paul Matthews
The treasury hack that wasn't: how not to react when your corner cutting bites you. Plus, a big welcome to Peter Griffin - tech and science guru joining the ITP TechBlog team from next week.
Treasury "hack" simply bad practice
Two articles appeared on TechBlog this week about the report into the Treasury "hack", which turned out to be a failure of appropriate management, mixed in with a series of decisions that appear to have been taken without professional IT advice.
As Sarah Putt wrote: "The 35-page report makes for the kind of jaw-dropping read that you get when an inquiry is led by a competent professional - in this case independent director Jenn Bestwick - who just lays it all out there in its full awfulness. So that you find yourself wondering aloud on almost every page just how the whole shemozzle could have gone so far."
Two key decisions appear to have contributed majorly:
- Dropping core functionality due to time constraints, most likely with the intention to double back later. Then not.
- Making core decisions about their system without seeking professional advice from the vendor.
In the first case, this isn't an uncommon scenario. Often systems go live in an "MVP" (Minimum Viable Product) scenario, or at least with some functionality still to come. That's OK. The fall-down was leaving out something so essential to their core purpose, then not sorting it out in a subsequent release.
The second case was very bad form, frankly, and this was at the core of the failure. According to the report, Treasury made decisions about changes in the core functionality (indexing the main site vs their clone site) without taking advice and this was really their downfall.
And, of course, the worst thing of all was the way it was dealt with - press releases about hackers and police reports etc. It wasn't a hack - the information was publicly accessible. And the handling was anything but good practice.
The report also made it clear that the whole situation could and should have been avoided with more appropriate senior leadership and governance oversight.
Cyber-security and the Board: What is good practice?
Along these lines, later this month we're running an expert panel on cyber-security risks and conversations with Boards of Directors in Wellington - a crucially important topic for both IT professionals and Directors.
The panel features senior leader Mark Corbitt, Buddle Findlay partner Allan Yeoman, and Z Energy CDO Mandy Simpson. I'm facilitating the panel and we'll record and publish to our Video Library later.
The event is free for members - please do register and come along.
Want to become Chartered or Certified?
We're running a series of live webinars starting later this month on Chartered IT Professional NZ (CITPNZ) and Certified Technologist (CTech) certifications - the what, why and how.
Welcome to Peter Griffin
We're investing in additional high-quality original content on TechBlog and Newsline as we see it as essential that IT Professionals stay up-to-date on the latest developments.
With this in mind, we're really excited to welcome Peter Griffin to the TechBlog team.
Peter is a science and technology journalist with 20 years' experience in the NZ media covering science, technology, media and business. He was a business reporter then technology editor at the New Zealand Herald before becoming the founding director of the New Zealand Science Media Centre, which he ran from 2008 - 2018.
In 2009 he founded Sciblogs.co.nz, Australasia's largest science blog network, which is still going strong nearly a decade and 12,000 posts later. He retired his Griffin's Gadgets on the stable in 2018. He has been the Listener's technology columnist since 2011 and is a contributing writer to Noted Tech and a tech correspondent on RNZ, amongst other things.
Peter will be reporting on the intersection of science and technology from next week and, along with Paul Brislen and Sarah Putt, will help ensure our members are as informed as possible about happenings from our sector.