SlideShare a Scribd company logo

The Rise of Ebusiness and Greater Awareness Transforming Corporate Security

C
Claudia Warwar
1 of 1
Download to read offline
The rise of ebusiness and greater awareness of security issues have transformed what it means to he secure in the 21st century, writes Claudia Warwar. o longer does corporate secority simply mean posting a secority goard in the lobby. Cnsto sharcholders, staff aod in creasingly regolators arc demanding a greater corn mitnient to sccnrity and asso ciated privacy issoes. Three major trends arc becoming apparent to sccnri ry advisers. Thesc inclode the necd for integration of secority and privacy, the convergence of information secnrity and physical secnrity, and the emergence of ness sccnrit technologies snch as biometrics. When C IOs discoss sccnri t they nsnally treat it as a cost to the bottom line. However, every line item shoold add value. An effective security strategy can positively differ cntiate yonr organisation. Take a holistic approach to IT security planning. Corporate security can no longer be considered a piecemeal, iow priority operation applied to discrete areas of the organisation. It should he an integratcdruauagement disci pline. If different business units can set their own stan dards and procedures,hackers are presented with greater opportunities to find gaps in corporate defences. Your security strategy should include everything from establishing standards (what the organisatiou ill be implementing) to processes (how these security standards will he implemented) to edo cation (informing everyone in the organisation about their roles and responsibilities). Close the wlndOv of opportunity.As viruses spread at increasing speeds. IT departmeiitswill find it hard to respond in sufficient tune to an attack. Move your strateg from mere intrusion detection to a multi la) ered intrusion preventionapproach. This will reduce the loss in pro dncnvitv and costs of the subse quent repair to systems caused when a irns hke SQL Slammer swept through Australian net works late in 2003. Provide security for people as well as data. There also a growing convergence between information seenrity and the physical security of people and property. The moral responsibility compa nies have to provide a safe and secure workplace for their employees is supported hy a eouipelluig husiness ease. Technology can play a key role ni establishing physical security, not oniy by establishing physical access systems, hut monitoring thcm as well. An organisation s most critical corporatc information isn t simply storcd in computer tiles it rcsides in thc minds of its workers. Make all employees ehani pions for security Don t let security become a source of frustration for employees and by extension the IT teani. Reduce compliance costs by educating the whole workforee, not just semor management, about the practical importance of good seen rity Put simply, their jobs depend on it. Work with 1 illi,lame managers and internal conimuni catioIis to ensure that all employees kiiow best practices about the use of eonsput er passwords,safety of laptops and use of mobile phones nr PDAs in wireless hotspots. Don t let people ssorking from their Ii oni e Internet connection unintentionally become a soft target for hackers to access the corporate network. To allow people to do the right thing, make sure they know what it is and make it ejsv for them to coin p For example, provide a button for antis irus updates, not five pages of iiistroctioos. Balance the competing needs of security and privacy. Striking the right note between comprehensive security and the legal rights of individuals is crucial to the success of yoor strategy. Rights of privacy tend to be absolote , whereas the level of security must be appropriate to your organisation and its business interests. Educate your stakeholdersabont yoor security strategy and gain consensus on areas that nsav impinge on privacy. Explain your poheies and give people the opportunity to express their concerns. Keep up to date with emerging corporate security technologies. Eor example, biometric identification, sim ply put, is identifyinga person based on physiologicalor behavioural characteristics. These can melude face, eye, finger and palm identifica tion, voiceprints and hand s ritten signatures. The latest thinking is to combine biometrics (what you are) with passvords (something y know) aIid tokens or certificates (some thing you have) to provide the highest lcvels of security J Information Week the new face of security claudia warwar 1 April 2004, Page 47 Image 1 of 1 Image Size 269.28 AAP NewsCentre ABN 88 006 180 801 (02) 9322-8222 Copyright Agency Limited (CAL) licensed copy

Recommended

Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Chief Security Officer
Chief Security OfficerChief Security Officer
Chief Security OfficerPLN9 Security Services Pvt. Ltd.
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itAvancercorp
 
Is the IT security gap a threat to SMBS?
Is the IT security gap a threat to SMBS?Is the IT security gap a threat to SMBS?
Is the IT security gap a threat to SMBS?Globizzcon
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
Major Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeMajor Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeSysfore Technologies
 
Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi
 
An information security governance framework
An information security governance frameworkAn information security governance framework
An information security governance frameworkAnne ndolo
 

Recommended

Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Chief Security Officer
Chief Security OfficerChief Security Officer
Chief Security OfficerPLN9 Security Services Pvt. Ltd.
 
Strategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itStrategically moving towards a secure hybrid it
Strategically moving towards a secure hybrid itAvancercorp
 
Is the IT security gap a threat to SMBS?
Is the IT security gap a threat to SMBS?Is the IT security gap a threat to SMBS?
Is the IT security gap a threat to SMBS?Globizzcon
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
Major Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeMajor Cloud Security Challenges concerning the Enterprises | Sysfore
Major Cloud Security Challenges concerning the Enterprises | SysforeSysfore Technologies
 
Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi
 
An information security governance framework
An information security governance frameworkAn information security governance framework
An information security governance frameworkAnne ndolo
 
IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - GuidelinesPedro Espinosa
 
Cognitive Security Case Study
Cognitive Security Case StudyCognitive Security Case Study
Cognitive Security Case StudyCredo Ventures
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityGerard McNamee
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?CIO Academy Asia Community
 
clearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochureclearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochureLee Dalton
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Asim Jahan
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everEC-Council
 
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...IBM Sverige
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdfSania Baker
 
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDMagazine
 
Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Gilbert Verdian
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-FundamentalsGary Hayslip CISSP, CISA, CRISC, CCSK
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of securitySouthern Cross Group Services
 

More Related Content

What's hot

IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - GuidelinesPedro Espinosa
 
Cognitive Security Case Study
Cognitive Security Case StudyCognitive Security Case Study
Cognitive Security Case StudyCredo Ventures
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityGerard McNamee
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire
 
clearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochureclearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochureLee Dalton
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Asim Jahan
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everEC-Council
 
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...IBM Sverige
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdfSania Baker
 
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDMagazine
 
Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Gilbert Verdian
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 

What's hot (20)

IT Security - Guidelines
IT Security - GuidelinesIT Security - Guidelines
IT Security - Guidelines
 
Cognitive Security Case Study
Cognitive Security Case StudyCognitive Security Case Study
Cognitive Security Case Study
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to Security
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and OverviewTripwire University: Cyberwar Boot Camp – Introduction and Overview
Tripwire University: Cyberwar Boot Camp – Introduction and Overview
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?
 
clearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochureclearswift-adaptive-redaction-brochure
clearswift-adaptive-redaction-brochure
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
 
Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture Open Security and Privacy Reference Architecture
Open Security and Privacy Reference Architecture
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than ever
 
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
 
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
 
Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.Security Compliance and Management - Issues Faced by Organisations Today.
Security Compliance and Management - Issues Faced by Organisations Today.
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-Fundamentals
 
Information security governance
Information security governanceInformation security governance
Information security governance
 

Similar to The Rise of Ebusiness and Greater Awareness Transforming Corporate Security

What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprisesTaranggg11
 
The Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfThe Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfMax Secure Ltd
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingDanielle Bowers
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Professionamiable_indian
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Understanding the Insider Threat to your organisation
Understanding the Insider Threat to your organisationUnderstanding the Insider Threat to your organisation
Understanding the Insider Threat to your organisationRowena Fell MA CPP FSyI
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 
HUMAN FACTOR AND IT/OT CORRELATION
HUMAN FACTOR AND IT/OT CORRELATION HUMAN FACTOR AND IT/OT CORRELATION
HUMAN FACTOR AND IT/OT CORRELATION Andrea Vallavanti
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityDavid X Martin
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityRahul Tyagi
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAbdullahKanash
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 

Similar to The Rise of Ebusiness and Greater Awareness Transforming Corporate Security (20)

What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
The Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfThe Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdf
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seeking
 
infosec-it
infosec-itinfosec-it
infosec-it
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Profession
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Understanding the Insider Threat to your organisation
Understanding the Insider Threat to your organisationUnderstanding the Insider Threat to your organisation
Understanding the Insider Threat to your organisation
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 
Secure by design
Secure by designSecure by design
Secure by design
 
HUMAN FACTOR AND IT/OT CORRELATION
HUMAN FACTOR AND IT/OT CORRELATION HUMAN FACTOR AND IT/OT CORRELATION
HUMAN FACTOR AND IT/OT CORRELATION
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurity
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe Security
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 

The Rise of Ebusiness and Greater Awareness Transforming Corporate Security

  • 1. The rise of ebusiness and greater awareness of security issues have transformed what it means to he secure in the 21st century, writes Claudia Warwar. o longer does corporate secority simply mean posting a secority goard in the lobby. Cnsto sharcholders, staff aod in creasingly regolators arc demanding a greater corn mitnient to sccnrity and asso ciated privacy issoes. Three major trends arc becoming apparent to sccnri ry advisers. Thesc inclode the necd for integration of secority and privacy, the convergence of information secnrity and physical secnrity, and the emergence of ness sccnrit technologies snch as biometrics. When C IOs discoss sccnri t they nsnally treat it as a cost to the bottom line. However, every line item shoold add value. An effective security strategy can positively differ cntiate yonr organisation. Take a holistic approach to IT security planning. Corporate security can no longer be considered a piecemeal, iow priority operation applied to discrete areas of the organisation. It should he an integratcdruauagement disci pline. If different business units can set their own stan dards and procedures,hackers are presented with greater opportunities to find gaps in corporate defences. Your security strategy should include everything from establishing standards (what the organisatiou ill be implementing) to processes (how these security standards will he implemented) to edo cation (informing everyone in the organisation about their roles and responsibilities). Close the wlndOv of opportunity.As viruses spread at increasing speeds. IT departmeiitswill find it hard to respond in sufficient tune to an attack. Move your strateg from mere intrusion detection to a multi la) ered intrusion preventionapproach. This will reduce the loss in pro dncnvitv and costs of the subse quent repair to systems caused when a irns hke SQL Slammer swept through Australian net works late in 2003. Provide security for people as well as data. There also a growing convergence between information seenrity and the physical security of people and property. The moral responsibility compa nies have to provide a safe and secure workplace for their employees is supported hy a eouipelluig husiness ease. Technology can play a key role ni establishing physical security, not oniy by establishing physical access systems, hut monitoring thcm as well. An organisation s most critical corporatc information isn t simply storcd in computer tiles it rcsides in thc minds of its workers. Make all employees ehani pions for security Don t let security become a source of frustration for employees and by extension the IT teani. Reduce compliance costs by educating the whole workforee, not just semor management, about the practical importance of good seen rity Put simply, their jobs depend on it. Work with 1 illi,lame managers and internal conimuni catioIis to ensure that all employees kiiow best practices about the use of eonsput er passwords,safety of laptops and use of mobile phones nr PDAs in wireless hotspots. Don t let people ssorking from their Ii oni e Internet connection unintentionally become a soft target for hackers to access the corporate network. To allow people to do the right thing, make sure they know what it is and make it ejsv for them to coin p For example, provide a button for antis irus updates, not five pages of iiistroctioos. Balance the competing needs of security and privacy. Striking the right note between comprehensive security and the legal rights of individuals is crucial to the success of yoor strategy. Rights of privacy tend to be absolote , whereas the level of security must be appropriate to your organisation and its business interests. Educate your stakeholdersabont yoor security strategy and gain consensus on areas that nsav impinge on privacy. Explain your poheies and give people the opportunity to express their concerns. Keep up to date with emerging corporate security technologies. Eor example, biometric identification, sim ply put, is identifyinga person based on physiologicalor behavioural characteristics. These can melude face, eye, finger and palm identifica tion, voiceprints and hand s ritten signatures. The latest thinking is to combine biometrics (what you are) with passvords (something y know) aIid tokens or certificates (some thing you have) to provide the highest lcvels of security J Information Week the new face of security claudia warwar 1 April 2004, Page 47 Image 1 of 1 Image Size 269.28 AAP NewsCentre ABN 88 006 180 801 (02) 9322-8222 Copyright Agency Limited (CAL) licensed copy