Quote Originally Posted by Wesley Mouch View Post
If you think you can just fire city staff for something like this, you missed that they are protected from that sort of indignity. And while I disagree with much protection for workers in management [[who of course is responsible), there's something to it. Problem at CoD are rarely single-person issues. They are usually systemic.

It may be that the person in charge of IT security has their hands tied by dozens of factors. I can easily imagine the IT department implementing a valid firewall rule, and then being told by others [[administration, political, council, mayor, etc.) that this is unacceptable because it causes them some inconvenience. And that if they don't open it up, they'll be fired. What do you do then? Some stand up to the beast -- and they get sidelined. Others take the risk, and hope that they get through somehow. And knowing they can't -- they just have to build a cover story.

Life in bureaucracies is not simple. Banks or IT companies listen to their IT staff [[at least sometimes). Cities likely less so.
The voice of experience?

I worked at a major university several years ago where they tried to institute better security on our network. However, several of the older professors and administrators balked at having to enter and keep passwords, and they couldn't ever remember and hated the firewall rules. So our IT department was forced to take the protections down. Of course, it didn't take long for a virus to get in and screw everything up for weeks.