Last night I watched the "Diana: Last Days of a Princess" documentary. I admit that I largely watched it just to moan about how much the British media is still concentrating on Diana, but I was pleasantly surprised at how good the documentary was because they largely focused on the two bodyguards assigned to Diana and Dodi.
What really surprised me was the similarity between physical security and computer security. Both have a recommended set of practices or standard operating procedures. The documentary highlighted that, during the final days of Diana's life, the two bodyguards were physically exhausted and their recommendations for security practices had been ignored, with the result of Diana and Dodi paying with their lives.
Now computer security isn't as hands-on as physical security, but there are startling similarities in the way people in both industries are treated. I still don't understand why we as security and IT professionals are hired and often ignored/overruled by management.
Obviously, there are some occasions when management have to do this to fit in with a company vision or similar which has not been fully cascaded to the business, or which for reasons of corporate confidentiality has to be kept quiet, but this sort of practice happens all too often.