Infostar (6/21/2011)
SanDroidThanks for your comments. However the way enterprises organize their IT as you described is definitively not my experience. It seems that those enterprises come to a conclusion that its own employees are bigger security risks than employees in other companies. I work in Europe there may be some cultural differences between continents.
I would say these are more Governmental than cultural differances.
There are many regulations that compnaies here have to follow for data security.
If that company is pulicly owned and thier stock is traded, then these regulations apply to them. If the data stored is Health Industry data, it is regulated even more.
The company I work for in America is Japanese owned with global offices. They have to comply to JSOX audits for all business that is done in the US, or that could effect the earnings they report to the SEC.
No matter where you live unauthorized access to sensitive data by employees is still listed in the top ten reasons for corporate litigation. This was true when data was stored on paper. As IT has made data access easier it has become even more true.
If disaster happens and it turns out that the backups are corrupted, who will lose his job? The DBA who never had a chance to verify backups or the company who don't know or don't care how his client's system work?
This all depends on what the Auditors say. In most ITIL and SOX/JSOX shops restoring a server to the state of the last backup cycly would be the systems group. I have never seen an audit failure that was one persons responsibility. Usualy there are several involved in what caused the failure.
PS: You may have heard about ENRON and Author Anderson...
They had a problem with corporate culture and US laws and regulations also.
Most of the current laws and regulations that affect IT came from the lessons learned from that multi billion dollar disaster. As far as I know, everyone at both those companies lost their jobs. For some reason your question made me think of that.