April 15th marked the 100th anniversary of the sinking of the RMS Titanic - by any measure a catastrophe of epic proportions. As we think about lessons collectively learned from this event, may I suggest a nugget worth remembering that has little to do with sinking ships, but a lot to do with the enterprise we serve today?
According to a recent ABC article:
... the Titanic was fully compliant with all marine laws. The British Board of Trade required all vessels above 10,000 tonnes to carry sixteen lifeboats. The White Star Line ensured that the Titanic exceeded the requirements by four boats.
But we all know that twenty lifeboats were not nearly enough for this ship. The article continues:
But the ship was 46,328 tonnes. The Board of Trade hadn't updated its regulations for nearly 20 years. ... The lifeboat regulations were written for a different era and enforced unthinkingly.
"Enforced unthinkingly." Therein lies our little lesson.
In the discipline of information security, we may be tempted to think that "compliant" means secure. But we must not accept that at face value. We must really understand what regulations mean and how they apply to our enterprises. PCI DSS or HIPAA compliance may go part way, but does it really go far enough to protect the vital information that is the lifeblood of our businesses?
Let's make sure we have adequate "lifeboats" and not rely completely on those who write regulations to protect our businesses.