Software Infrastructure: Information Security Policies, Practices and Architecture

Key Issue

How will organizations evolve their security strategies from their current state of neglect?

Too often, information security is seen as a technical problem requiring a combined hardware and software solution. This misperception is similar to 1950s-era thinking about quality in manufacturing processes. By refocusing on the actual nature of information security, executives can invest successfully, not wastefully.

There is a simple, three-part question senior executives should ponder before investing in information security products. The question will help to steer information security efforts into the most profitable channels. For example, consider a typical employee of the firm. Suppose this individual observes someone else doing something that might be wrong with the firm's computer systems. Three questions then arise:

1) Would this employee know whether the activity was wrong?
2) Would this employee choose to report the misuse of the system?
3) Would this employee know how to report the incident?

The first question addresses the issue of awareness. If employees are not sure what uses are appropriate, it is very likely that they will misuse the systems - or at least unwittingly tolerate misuse by others. This issue becomes even more critical when the organization is linked with other firms, either via the Internet or through an extranet. Without awareness, the enterprise could suffer contingent liability if unnoticed acts bring harm to business partners.

[snip... full article at:]
http://advisor.gartner.com/inbox/articles/ihl2_042298.html