
Would I love to interview Lenovo’s Incident Response Team!

By Dan Hadaway | Friday, March 6, 2015

How much can failure be worth?


Dan gets an idea while filling out a “customer satisfaction survey!”
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .



So though I tried to comment on Lenovo’s site during the early days of their Superfish incident and they wouldn’t let me log in . . .  in the amazingly inept decision to go silent instead of transparent . . . they must have forgotten to shut off the customer satisfaction survey engine.

Okay, I should be nicer . . . . they probably decided to let that part of it continue so they could measure the damages, if possible.  And I don’t blame them.

Frankly, we really do need to be nicer to companies that are struggling with their IT Governance Processes . . . and help them along the path to risk management.  So I’m glad I was not able to put a comment on their site, because when I was trying in vain to register my comment on their bogus post about Superfish not being a problem, my state of irritation would have led to a regrettable comment.  So again the American Monkey Trap saves Dan from an American Monkey Trap (more on that in a future article called . . . . you guessed it . . .  The American Monkey Trap!)

Lenovo had such a great opportunity to turn a lemon into lemonade, and instead they clammed up, probably taking the advice of lawyers rather than incident response experts, and now they have a lot of work to do to rebuild their reputation.

You see, they did NOT have an incident response plan.  Had they proactively developed a plan, and then tested the plan (with their lawyers present), when the Superfish incident hit they surely would have been more transparent and truthful.

So this is what I said in my survey response:

[Image: lenovo]

So hey, we’ll see if anybody bites on the bait.  I did try calling them, but that was a waste of time . . . well at least given I have very little time these days . . . . I’m too busy updating the Vendor Management Program to address the risk we now face when engaging with hardware vendors . . . .


Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

