Are You a Good Security Role Model?

Sue Marquette Poremba

A Cyber-Ark Software survey showed that 41 percent of the 400 IT professionals interviewed admitted to abusing passwords to access sensitive data. As reported at ReadWrite Enterprise, this represented an 8 percent increase over last year's annual "Trust, Security and Passwords" survey. The article also stated:

According to the Cyber-Ark survey, 70% of organizations have controls to monitor privileged access, but 61% of respondents say they can circumvent these controls. The other 30% of organizations have no protection against admin abuses at all.

I doubt that the IT personnel who abuse passwords to go into areas of the company where they don't belong, like HR files, would consider themselves "malicious insiders," but chances are they are breaking the security policies that they would demand other company employees follow.

 

Security policies are vital for businesses these days, and if you don't have one, you should consider putting one together. However, a policy is worthless if it is not enforced or if some in the company think they are above the policy because of their job. The ReadWrite Enterprise article, via Trend Micro, offered some advice on how to monitor policy:

 

  • Enforce strict supply chain management and conduct a comprehensive supplier assessment.
  • Specify human resource requirements as part of legal contracts.
  • Require transparency into overall information security and management practices, as well as compliance reporting.
  • Determine security breach notification processes.


Then ask yourself: are you a good security role model? If so, congratulations. If not, what can you do to improve your efforts?



Jul 14, 2010 6:18 AM AshleyAbsolute says:

Sue, this is a great post with valuable insight!

It is important for managers to lead by example.  IT security is no exception.  Managers and employees alike need to be examples to one another.  If there are already internal breaches to passwords and other data, then the risks associated with external threats are probably present.

Instituting policies and procedures as well as leading by example are great ways to improve your company's IT security efforts.  Developing training programs or awareness campaigns across your business can also ensure that the effort is a success and that policies are strictly followed.

Finally, organizations need to invest in technology that will empower their IT department to better manage and secure computers and mobile devices.  The right combination of training and technology will help deter theft and mitigate data breach repercussions while ensuring that all devices are being used properly.
