Upper management pushing for rollout of new technology without fully understanding security risks

Well, the IT/computer security managers should document pitfalls related to hasty decisions and present it to the top management so that these idiots are aware of the risks involved.

About 8 years ago, I interned for a very well known credit rating company, who had subcontracted the creation/development/deployment of some online software tools to an Indian outsourcing company. These guys, singing the tune of the top management was forcing a Microsoft based solution, while the credit rating agency's own IT managers were aware of some serious known bugs in the Microsoft based product were warning the top management to force the outsourcing company to provide a Linux based solution. But as would be expected from typical top management people, the warnings were ignored and the MS based solution was deployed. Within weeks, the entire company's servers started locking up, at the busiest times of the day. The top management, as expected, screamed at the IT managers, who promptly pointed that they had documented and presented to the top management the known bugs in the Microsoft based solution. The problem was traced to a known bug in the Microsoft message Queue that forced the machines it was running on, to go into an infinite loop. Finally, to save face and get future contracts, the outsourcing company was forced to revert to a Linux based solution.

Imagine what a company would be like if it had employees who were highly paid, responsible for other employees in the company, and who each got to review their own work, without having to honestly report what they were doing to the company owners.

Now imagine that those employees are the guys _running_ the company.

Got that firmly in your head?

You are seeing a publicly-traded company at work.

Is it really the "owners" or "stock holders" that push for product releases before there are secure ?

Or is it the CEO and other board members pushing for their rewards, i.e. be done in the next quarter ?

Like engineers making promises of being done before its done, but not getting any rewards.

Management makes promises of being done before its done, and expect rewards for their efforts. ( no matter what the outcome )

Search the financial news for the name "Karl Ichan" (sp?) and you'll see how management reacts to a stockholder who actually wants them to account for what they've done.