
People and IT Security Tue 09 Jan 07

I came across some interesting posts on IT security.  The first is 10 Steps to Creating Your Own IT Security Audit by the folks at ITSecurity.com.  This gives a good overview of some of the things you need to look for.  This is not a comprehensive outline, nor is it intended to be.  The sub-title of the posting is "If a security auditor isn't in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business."  With that qualification it does provide a good starting point.  When you read this article also read the comments posted with the article and on Digg.com.  These also provide some interesting insight.

When I read this, the one thing I did think was missing was employee awareness.  Getting employees on board with the concepts of your security program is essential.  If they "get it" your program can be a success.  If they don't, they will figure out ways around it to make their life easier, which also leaves big security holes for anyone to exploit.  Locks on the door don't help if someone props it open, so to speak.  For me, employee awareness is the number 1 tool in making a security program successful.

I subsequently found a posting by Dan Morrill entitled Information Security as a People Problem.  Dan references a posting on out-law.com by John Colley entitled The information security professional is more than 'a necessary evil'.  I was encouraged to see his statement:

"We need to remind ourselves again and again that information security is not a technology issue – it’s a people issue. We are reliant on people, their awareness, ethics and behaviour, and we must understand what they want to achieve if we are to accomplish the goals of business. This includes the employees that deliver our services and the customers that take advantage of them, as well as the senior executives and board room directors that grant us our budgets."

Like so many other things in our technology environment the lesson remains - Don't forget the people factor.  Security (or technology) won't work if we don't design it in a way that our people will use it properly and effectively.

How have you applied the "people factor" in your security plan?

Creative Commons License 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.


This is the personal blog of Michael W. Schaffner. The opinions expressed in this blog are solely mine and those of commenters. You should not infer that these opinions are the opinion of or have been endorsed by any current or former employer.



Copyright © 2006, 2007, 2008, 2009 Michael W. Schaffner. You may copy or quote sections of this blog if you provide an attribution consisting of a reference to Michael Schaffner and "Beyond Blinking Lights and Acronyms" along with a hyperlink (if a web reference) to the blog posting.
