Who should be fired when security fails?
Ira Winkler asks a very pertinent question in his recent article for ComputerWorld: who is more to blame when a network is infected with a well-known virus (in this case, Conficker) for which protection has been available for over a year? Is it the "Patient Zero" who plugged an infected USB drive into one of the computers on the network, or is it those in charge of the network's security, who failed to properly patch and/or deploy updated, effective antivirus protection? What do you think? And is this case an isolated anomaly or indicative of a failure in IT security to address the real roots of our security problems? Read the article at