I came across some interesting posts on IT security. The first is "10 Steps to Creating Your Own IT Security Audit" by the folks at ITSecurity.com. This gives a good overview of some of the things you need to look for. It is not a comprehensive outline, nor is it intended to be. The sub-title of the posting is "If a security auditor isn't in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business." With that qualification it does provide a good starting point. When you read this article, also read the comments posted with the article and on Digg.com. These also provide some interesting insight.
When I read this, the one thing I thought was missing was employee awareness. Getting employees on board with the concepts of your security program is essential. If they "get it", your program can be a success. If they don't, they will figure out ways around it to make their lives easier, which also leaves big security holes for anyone to exploit. Locks on the door don't help if someone props it open, so to speak. For me, employee awareness is the number 1 tool in making a security program successful.
I subsequently found a posting by Dan Morrill entitled "Information Security as a People Problem". Dan references a posting on out-law.com by John Colley entitled "The information security professional is more than 'a necessary evil'". I was encouraged to see his statement:
"We need to remind ourselves again and again that information security is not a technology issue – it’s a people issue. We are reliant on people, their awareness, ethics and behaviour, and we must understand what they want to achieve if we are to accomplish the goals of business. This includes the employees that deliver our services and the customers that take advantage of them, as well as the senior executives and board room directors that grant us our budgets."
Like so many other things in our technology environment, the lesson remains: don't forget the people factor. Security (or technology) won't work if we don't design it in a way that our people will use it properly and effectively.
How have you applied the "people factor" in your security plan?