Software Infrastructure: Information Security Policies, Practices and Architecture
Key Issue
How will organizations evolve their security strategies from their current
state of neglect?
Too often, information security is seen as a technical problem requiring a
combined hardware and software solution. This misperception is similar to
1950s-era thinking about quality in manufacturing processes. By refocusing
on the actual nature of information security, executives can invest
successfully, not wastefully.
There is a simple, three-part question senior executives should ponder
before investing in information security products. The question will help
to steer information security efforts into the most profitable channels.
For example, consider a typical employee of the firm. Suppose this
individual observes someone else doing something that might be wrong with
the firm's computer systems. Three questions then arise: 1) Would this
employee know whether the activity was wrong? 2) Would this employee
choose to report the misuse of the system? 3) Would this employee know how
to report the incident?
The first question addresses the issue of awareness. If employees are not
sure what uses are appropriate, it is very likely that they will misuse
the systems - or at least unwittingly tolerate misuse by others. This
issue becomes even more critical when the organization is linked with
other firms, either via the Internet or through an extranet. Without
awareness, the enterprise could suffer contingent liability if unnoticed
acts bring harm to business partners.
[snip... full article at:]
http://advisor.gartner.com/inbox/articles/ihl2_042298.html
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Received on Wed Apr 22 20:40:39 1998