The Rise of Ebusiness and Greater Awareness Transforming Corporate Security
The rise of ebusiness and greater awareness of security issues have transformed what it means to be secure in the 21st century, writes Claudia Warwar.

No longer does corporate security simply mean posting a security guard in the lobby. Customers, shareholders, staff and increasingly regulators are demanding a greater commitment to security and associated privacy issues.

Three major trends are becoming apparent to security advisers. These include the need for integration of security and privacy, the convergence of information security and physical security, and the emergence of new security technologies such as biometrics.

When CIOs discuss security they usually treat it as a cost to the bottom line. However, every line item should add value. An effective security strategy can positively differentiate your organisation.

Take a holistic approach to IT security planning. Corporate security can no longer be considered a piecemeal, low priority operation applied to discrete areas of the organisation. It should be an integrated management discipline. If different business units can set their own standards and procedures, hackers are presented with greater opportunities to find gaps in corporate defences.

Your security strategy should include everything from establishing standards (what the organisation will be implementing) to processes (how these security standards will be implemented) to education (informing everyone in the organisation about their roles and responsibilities).

Close the window of opportunity. As viruses spread at increasing speeds, IT departments will find it hard to respond in sufficient time to an attack. Move your strategy from mere intrusion detection to a multi-layered intrusion prevention approach. This will reduce the loss in productivity and costs of the subsequent repair to systems caused when a virus like SQL Slammer swept through Australian networks late in 2003.

Provide security for people as well as data. There's also a growing convergence between information security and the physical security of people and property. The moral responsibility companies have to provide a safe and secure workplace for their employees is supported by a compelling business case.

Technology can play a key role in establishing physical security, not only by establishing physical access systems, but monitoring them as well. An organisation's most critical corporate information isn't simply stored in computer files; it resides in the minds of its workers.

Make all employees champions for security. Don't let security become a source of frustration for employees and by extension the IT team. Reduce compliance costs by educating the whole workforce, not just senior management, about the practical importance of good security. Put simply, their jobs depend on it.

Work with 1 illi,lame managers
and internal communications to ensure that all employees know best practices about the use of computer passwords, safety of laptops and use of mobile phones or PDAs in wireless hotspots.

Don't let people working from their home Internet connection unintentionally become a soft target for hackers to access the corporate network. To allow people to do the right thing, make sure they know what it is and make it easy for them to comply. For example, provide a button for antivirus updates, not five pages of instructions.

Balance the competing needs of security and privacy. Striking the right note between comprehensive security and the legal rights of individuals is crucial to the success of your strategy. Rights of privacy tend to be absolute, whereas the level of security must be appropriate to your organisation and its business interests. Educate your stakeholders about your security strategy and gain consensus on areas that may impinge on privacy.

Explain your policies and give people the opportunity to express their concerns.

Keep up to date with emerging corporate security technologies. For example, biometric identification, simply put, is identifying a person based on physiological or behavioural characteristics. These can include face, eye, finger and palm identification, voiceprints and handwritten signatures.

The latest thinking is to combine biometrics (what you are) with passwords (something you know) and tokens or certificates (something you have) to provide the highest levels of security.

Information Week
The New Face of Security
Claudia Warwar
1 April 2004, Page 47
Copyright Agency Limited (CAL) licensed copy