
Are You Taking IT Security Seriously Enough?

A recent study of 1,500 small businesses found that while 65 percent said the Internet was critical to their business, only 28 percent have formal Internet security policies, with only 35 percent providing any employee training in Internet safety or security. Even more troubling, while more than 90 percent said that they believe that their security policies protect their companies from malware and viruses, only 53 percent check their chosen protections weekly -- and 11 percent never check them at all. How secure are the IT solutions that handle and store customer information and other sensitive intellectual property at your company -- and how do you know? What are you using and doing to make and keep IT secure, and how are your vendors, resellers and integrators helping, if at all?

Michael Bacon
Posted on Oct. 30, 2009

Once again, the results do not surprise yet still trouble me. They do not differ markedly from when I ran the Information Security Surveys in 1996 and 1998 for KPMG and advised the DTI on its 2000 Security Breaches Report.

As I posted elsewhere today, when it comes to the technology element of "IT solutions" it matters little how secure each component is nor too much how well they work together. The big issue is and probably always will be ... people.

The best way of addressing the people element of the "IT solution" is through a combination of preventative and detective controls. The preventative controls should be sculpted to facilitate the business whilst imposing normally unseen restrictions on the improper processing of data. The detective controls are there to report on potential as well as actual breaches of policy.

Having mentioned 'policy', I will point out that this is a primary control, but it must be (a) communicated and (b) understood. This latter aspect provides the first metric. You need to measure people's understanding of the policy on a frequent basis (at least annually).

Thereafter, measure both success and failure and share the results with everyone. Remember to include in your policy that you will monitor, measure and publish activities involving those data you wish to control strictly. It's easier to measure failure in security regimes, so try to move the balance towards success.
