Oct 4, 2017 SOURCE: PR NewsWire

IAITAM Head: Don't Buy "Scapegoating" By Former Equifax Head In Testimony To Congress

CANTON, Ohio, Oct. 4, 2017 /PRNewswire-USNewswire/ -- When the former CEO of Equifax testified before Congress yesterday, he misled lawmakers and the American public by attempting to place the blame for the massive breach at the credit-reporting agency on one person, according to Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM).

The truth, according to Dr. Rembiesa, is that Equifax failed as a company when it neglected to put standard Information Technology Asset Management (ITAM) systems and controls in place that would have prevented the breach. In an earlier statement on September 8(th), IAITAM said that the Equifax's second major breach in four years was inexcusable and could have been avoided. See: http://iaitam.org/iaitam-news-release-massive-equifax-data-breach-points-ongoing-u-s-corporate-failures-information-technology-asset-management-itam-use/.

In a new statement issued today, Dr. Rembiesa said: "During his testimony before the House Energy and Commerce Committee, former Equifax CEO Richard Smith disclosed that it was a failure to upload a security patch for the Apache Struts systems that Equifax was using. The Department of Homeland Security's Computer Emergency Readiness Team (CERT) sent emails to several companies, including Equifax, which notified them about the vulnerabilities to the Apache Struts systems. This notice was sent on March 8(th). While internal policy was to ensure that all systems were updated within 48 hours, this clearly did not happen. Everyone, from House Committees to innocent people who had their identities stolen, are left wondering why."

"According to Smith, it is a human error issue. A single individual is being scapegoated in this scenario. During the testimony, Smith stated that the employee who is responsible was identified and that it was 'human error' that caused 145 million identities to be stolen. However, this was not as simple as a human error as Smith has tried to make it seem." Dr. Rembiesa continued: "IT Asset Managers have a phrase for these very instances: Version Control."

"It is due diligence on the part of an IT Asset Manager and their ability to utilize discovery tools (the tools which pull software data from the organization's environment) that ensures proper versions of software are installed on organizational assets. This originally became a responsibility of an IT Asset Manager because software publishers began to charge organizations based on the software licenses they were running and which versions of software were supported by the organization. The unintended, but beneficial consequence to this development, was that IT Asset Managers were becoming instrumental in safeguarding and securing an organization and their data. Simply stated, it is people who run organizations through tools, not tools that run organizations through people."

"IT Asset Managers are responsible for an action called 'Reconciling'. This job function ensures that the data being reported by discovery tools match what is required by the organization. It is by this action of reconciliation that an IT Asset Manager would have discovered that the version of software for the Apache Struts systems was not correct with the newest patch necessary to maintain data security. This risk would have been identified, mitigated, and fixed well before this breach occurred."

Dr. Rembiesa concluded: "The excuse Smith has posed about the breach being a 'human error' is another way of saying that the proper people were not in place to ensure the safety and security of the data, or the people now exposed. The human error, was not having an IT Asset Manager."

ABOUT IAITAM

The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit www.iaitam.org, or the IAITAM mobile app on Google Play or the iTunes App Store.

View original content:http://www.prnewswire.com/news-releases/iaitam-head-dont-buy-scapegoating-by-former-equifax-head-in-testimony-to-congress-300531079.html

SOURCE The International Association of Information Technology Asset Managers, Inc. (IAITAM), Canton, OH.

Related News

Utilities Tackle Disruptions With Asset Management Tools

Brookfield Asset Management Completes Strategic Growth Investment into Armis

GE Digital Named an Asset Performance Management Software Leader Again

Stonepeak Joins the Net Zero Asset Managers Initiative

Apptricity Releases New Version 8.0 Asset Management Solution

SunView Software Adds Asset Management to its Innovative ChangeGear 8 Platform

Academy Asset Management Announces Its Initial Cohort of Clients

Asset Panda Awarded Best In Category of IT Asset Management Market Leaders in 2020

View all News

Latest Procurements

Work Health and Safety Management System Software

The National Capital Authority are seeking a work health and safety management system (WHSMS) software package.

Industry Briefing April 2024 - Defence Estate Capital Works Program

On 17 April 2024, the 2024 National Defence Strategy and Integrated Investment Program was launched. Defence invites industry to attend a virtual briefing in relation to the Defence estate and...

Community Perceptions Survey

This Approach to Market (ATM) is for the provision of a supplier to manage the communication of the Community Perception Survey

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Proveedora de Seguridad Industrial S.A. (PROSISA)

Diehl Defence

Clavister

View All Companies