[ISN] Software Infrastructure: Policies, Practices, Architecture

From: mea culpa (jerichot_private)
Date: Wed Apr 22 1998 - 16:43:58 PDT

  • Next message: mea culpa: "[ISN] Who's Watching Your Keyboard? (eavesdropping/bug)"

    Software Infrastructure: Information Security Policies, Practices and Architecture
    Key Issue
    How will organizations evolve their security strategies from their current
    state of neglect? 
    Too often, information security is seen as a technical problem requiring a
    combined hardware and software solution. This misperception is similar to
    1950s-era thinking about quality in manufacturing processes. By refocusing
    on the actual nature of information security, executives can invest
    successfully, not wastefully. 
    There is a simple, three-part question senior executives should ponder
    before investing in information security products. The question will help
    to steer information security efforts into the most profitable channels.
    For example, consider a typical employee of the firm. Suppose this
    individual observes someone else doing something that might be wrong with
    the firm's computer systems. Three questions then arise: 1) Would this
    employee know whether the activity was wrong? 2)  Would this employee
    choose to report the misuse of the system? 3) Would this employee know how
    to report the incident? 
    The first question addresses the issue of awareness. If employees are not
    sure what uses are appropriate, it is very likely that they will misuse
    the systems - or at least unwittingly tolerate misuse by others. This
    issue becomes even more critical when the organization is linked with
    other firms, either via the Internet or through an extranet. Without
    awareness, the enterprise could suffer contingent liability if unnoticed
    acts bring harm to business partners. 
    [snip... full article at:]
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:12 PDT