  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
PEOPLE "WEAKEST LINK" IN SECURITY EFFORTSSource: IDG News ServicePosted on November 5, 2001 Humans may be the weakest link in securing information systems, according to a panel of experts at a conference organized by the Computer Security Institute last week. A panel during the conference's Wednesday morning session was dedicated to examining the role that people play in securing digital information. CSI is a membership organization that provides training and events related to information security. Senator Bob Bennett, a Republican from Utah who is a member of the Republican High Tech Task Force, introduced the session by calling on the audience of security professionals to make contributions to their company's information security that go beyond technology and engineering. "Computers can't protect, only people can protect," he said. Specifically, Bennett urged the audience to convince their company executives that data is as important to a business as capital is. "American business has to start to think of data with the same reverence that it thinks of money," Bennett told the audience, many of whom nodded their heads in agreement. A company's chief financial officer builds layers of control around handling money, such having more than one person sign checks or hiring outside firms to perform audits on accounting books. "There are redundancies to protect the money, we need the same kind of attitude to protect data," he said. The senator asked the audience to make their companies' executives realize this, by coming out of "Nerdville" and demonstrating that their concerns about information security are rational and appropriate. Assessing VulnerabilityFollowing the senator's speech, a recently formed group called the Human Firewall Council announced a downloadable free utility that lets visitors assess their organizations' security awareness by answering survey questions. According to Doug Erwin, council member and chief executive officer of PentaSafe Security Technologies, 350 individuals have already taken the survey, and many of them did not score well. Beyond answering the survey questions, Erwin told the audience to challenge existing security policies that don't make sense to them, and to become company evangelists for protecting data. Securing company information "is not just the security manager's job, it's everyone's job," he said, adding that in the chain of security, people are "the weakest link." Brett Hovington, council member and national coordinator for the FBI's National IfraGard Group, said that understanding the human component, or identifying who is behind the keyboard, is essential to solving information security breaches. The FBI has begun profiling cyberintruders, much as it does serial killers, to help agents understand behavior and motivations behind attacks and hopefully identify attackers. Another council member, independent security consultant Charles Cresson Wood, lauded President Bush for establishing an executive organization to head up security, after the terrorist attacks of September 11. He suggested businesses do the same. "President Bush is doing what every organization should do, creating a new organizational unit to come to terms with new threats," Wood said, referring to the U.S. Office of Homeland Security.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |