

GartnerG2 Analyst, Rich Mogul

Reducing Security Breaches Requires New Mindset
Wednesday, 13 November 2002
Security breaches have doubled every 12 months for the past two years, GartnerG2 analyst Rich Mogul said during one of the highlight presentations on the second day of Gartner Symposium/ITxpo 2002 at Darling Harbour, Sydney. Too many IT security systems are “hard and crunchy on the outside, and soft and chewy on the inside,” he said.
“Security professionals are fighting a war that cannot be won,” Mr. Mogul said. “No matter how much money you throw at this problem, you will never get on top of it.”
Losses from intrusions – at least those that companies would confess to - are up 90 percent over 12 months ago, yet the average spend on security measures has increased only 27 per cent in that time. “We are facing a difficult situation to secure ourselves,” he said. “Education of our colleagues is one of the critical areas we must all work on.”
Most illegal intrusions came from the outside “mainly because we have done very well to protect ourselves with efficient perimeter fencing,” Mr. Mogul continued. More effort needs to be made now by business leaders to ensure that all staff – not just those in an IT organization – are drilled in the basics of data security.
A quick show of hands among the audience indicated few organizations in Australia make any effort to teach staff about the importance of security, or what to do if they know a breach of protocols has been made.
“You guys know as much about security and its associated technology as I do,” Mr. Mogul told his audience. “But you need to change your mindset. You need to see that security is not just a challenge of technology. It is a business issue that must be addressed by your senior management.
“Would an employee know if an action was right or wrong?” he asked rhetorically. “Would they know if a colleague had done something wrong, and would they think it important enough to report it? And would they know who to report it to?”
Security specialists need to improve their communication and work with their colleagues in the human resources department to ensure staff are educated and trained regularly on the importance of security and on appropriate conduct that will minimize any threat to the company.
Even the simple task of insisting that staff wear their mandatory nametags while in the office would be a good starting point, he said. New employees should be made to sign a declaration that they have read and understood their responsibilities in relation to security issues. But those guidelines must be relevant, non-technical and realistic in what they require staff to do and not do.
Mr. Mogul complained that in too many companies, staff guidelines for security are too hard to find. In some cases, those rules are hundreds of pages long and will never be read by anyone. “All employees are security liabilities if they are not trained in the need for good behaviour,” Mr. Mogul continued.
The risk to organizations has increased because in the past five years, infrastructure has been re-engineered to plug into the Internet, a public network. “We have to understand what we have done in this regard and appreciate that changes in behaviour are required.”
He encouraged the audience – the majority of whom were security managers and specialists – to reward good security-driven behavior. “Money works for me,” he quipped.
Conversely, harsh measures should be taken with employees who flout the system. “Obviously, sacking is the ultimate penalty,” Mr. Mogul said. “But if you see an employee looking at an inappropriate Web site, you would be amazed at the effectiveness of an e-mail that says you were watching them. I think you’d find they’d stop straightaway.”
The goal is not to punish staff but to build a culture that “creates behavior without thinking,” he said. “You must lead from the front and formalize education programs based on good security practice, but it will only work with the support of your senior management.”
Mark Hollands, Gartner Staff