I know vendors love marketing aphorisms like "Security is everyone's business." (Oh wait… maybe that's these guys.) But the shape-shifting nature of threats to enterprise data and users actually breathes some life into an otherwise tired tag line.
And with that, let me welcome you to the Security Clan of Internet Evolution. While we expect that CIOs and IT security pros will comprise the bulk of members in our newest clan, we built Security Clan with the knowledge that security touches everyone these days. We also wanted a place for our readers to tap into the latest thinking and dialogue on security challenges that will shape the future of the Internet. You can join the Security Clan just by clicking here.
Regardless of where you sit in the organization or how much you're paid, it's clear that the threat from hackers, spammers, and identity thieves hasn't gone away. What has changed is that C-level executives (and, by extension, IT security pros) have awakened to the threat posed by their own employees.
But user negligence isn't the only internal threat; malfeasance runs in parallel here and is usually discovered long after the fact, if it's discovered at all. From cellphones with cameras to multi-gigabyte portable hard drives (you may know them better as iPods), there's plenty of opportunity (and disk capacity) for end-users to walk away with all sorts of proprietary information. Maybe they take it to their next employer; maybe they sell it to a competitor or to some broker with ties to organized crime; maybe they just lose it.
Small wonder, then, that many companies have a policy of disabling USB mass storage on laptops and desktops, or that they keep close tabs on the volume of individual downloading or copying, all to guard against fraud, theft, and other malfeasance. Neither control is complete on its own: a blocked USB port says nothing about email attachments, web uploads, or the camera in a cellphone, and a volume threshold only catches the careless thief who moves everything at once.
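The "keep close tabs on the volume of copying" control above is the easier of the two to show in code. What follows is an added example, not part of the original post: a small Python detector that replays constructed removable-media copy audit lines (the log format, usernames, paths and byte counts are all hypothetical) and flags any user whose bytes copied to removable media exceed a threshold inside a sliding time window. Real deployments would feed it from whatever endpoint agent or audit subsystem records file copies; the parsing is the only part tied to the made-up format.

```python
"""Flag users who copy an unusually large volume to removable media.

Added example for the Security Clan post; the log format below is
hypothetical and the sample lines are constructed, not real audit data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: <ISO timestamp> <user> <action> <bytes> <target>
SAMPLE_LOG = """\
2008-07-28T09:01:12 alice COPY 1048576 /media/usb0/report.pdf
2008-07-28T09:03:40 bob COPY 524288000 /media/usb0/customers.db
2008-07-28T09:05:02 bob COPY 734003200 /media/usb0/contracts.zip
2008-07-28T09:06:15 alice COPY 2097152 /media/usb0/slides.ppt
2008-07-28T09:07:50 bob COPY 209715200 /media/usb0/hr.xls
2008-07-28T10:15:00 alice DELETE 0 /media/usb0/slides.ppt
2008-07-28T11:30:00 carol COPY 2147483648 /media/usb0/backup.tar
"""

THRESHOLD_BYTES = 1 * 1024 ** 3      # 1 GiB copied within one window triggers an alert
WINDOW = timedelta(minutes=10)       # sliding window length


def parse_line(line):
    """Split one audit line into (timestamp, user, action, bytes, target)."""
    ts, user, action, nbytes, target = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), user, action, int(nbytes), target


def flag_bulk_copiers(log_text, threshold=THRESHOLD_BYTES, window=WINDOW):
    """Return {user: (time_of_alert, bytes_in_window)} for users over threshold.

    Events are sorted by time, then each user's COPY events are kept in a
    per-user list trimmed to the sliding window; the first time the window
    total reaches the threshold, the user is flagged once.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e[0])

    per_user = defaultdict(list)   # user -> [(timestamp, bytes)] within window
    flagged = {}
    for ts, user, action, nbytes, _target in events:
        if action != "COPY":       # only outbound copies count toward the volume
            continue
        hist = per_user[user]
        hist.append((ts, nbytes))
        # Drop events that have aged out of the window relative to this event.
        while hist and ts - hist[0][0] > window:
            hist.pop(0)
        total = sum(b for _, b in hist)
        if total >= threshold and user not in flagged:
            flagged[user] = (ts, total)
    return flagged


if __name__ == "__main__":
    for user, (when, total) in flag_bulk_copiers(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} {user} copied {total} bytes to removable media")
```

On the constructed data, bob trips the threshold on his second copy and carol on her single 2 GiB copy, while alice's few megabytes pass. The window matters: an insider who drips data out over days stays under a 10-minute threshold, so a daily or weekly total alongside the short window is the usual complement.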
Security Clan bloggers will be looking at where technology, business, and regulations collide, and they'll be predicting and prognosticating to divine how companies will protect networks, systems, data, and end-users. They'll be making assessments of different threat vectors, and they'll be suggesting areas and issues that require the attention of everyone from the CIO down to the newest admin. Got ideas about what the future of Internet security looks like? Write us and tell us more. After all, security's everybody's job now.
This blog is part of Internet Evolution's Security Clan, which examines the future of Internet security and the changing nature of risks and vulnerabilities. Register here to join the Security Clan and for a chance at all kinds of free stuff.
Job descriptions are used especially for advertising to fill an open position, determining compensation, and as a basis for performance reviews. Not everyone believes that job descriptions are highly useful. Read Dr. John Sullivan's article listed at the end of the following links. He points out numerous concerns about job descriptions that many other people have as well, including, e.g., that too often job descriptions are not worded in a manner such that the employee's performance can be measured, they end up serving as the basis for evaluation rather than performance, etc. Read the following links to build your own impression.
Thanks for flagging that Vancouver conference, RPR. While I don't think they'd necessarily be the best fit for that event, there are lots of different Best Security Practices papers we could tackle in the Security Clan on:
--Wireless
--Password protection
--Portable hard drives (USB drives, iPods, smartphones, etc.)
Where are other clanners and regular posters with their biggest security issues/concerns? We'd love to hear from others about their security pain points.
Ideally the posts and related dialogues help make things increasingly better; perhaps even as soon as Dec 2008. Maybe the Clan can generate a paper for an upcoming conference (e.g.). It is good in any event that this Internet Evolution Clan is now in (and about) progress. Well done IE!
Security is everyone's concern. Even charities are being hacked. But sometimes they fail to mention it in order not to threaten "online donors" and prevent them from giving. It was reported by the New York Times that hackers have recently cracked charities' addresses and passwords. And "some charities might have been reluctant to inform donors about the breach out of fear that it would affect donations". Instead of exposing donors to the risk of being stolen from, "Charities need to be more open with donors about security," said Allan Benamer, who writes for a non-profit tech blog. Security should also be in the "job description" of charity organizations, and they should not only be concerned about getting donations.
Interesting link Paul. Social Engineering is one of the most effective ways to gain information and you don't even need to know what a computer is.
Kevin Mitnick, who is actually a TN, was once one of the best known social engineers. He published a very famous book, The Art of Deception, which talks about what he did (not as a tutorial or anything, but to prove how useful and dangerous it is).
IMHO, that's where the biggest threat is. You can protect and firewall your data center all you want but if the administrator gives you the password, it's game over.
Did you know about the recently concluded HOPE Conference? I have been following proceedings from this hackers' conference and I really want to confess that we are pathetically vulnerable security-wise. As we continue to move all of our activities online, even down to the mundane business of ordering pizza, there is no disputing the fact that we are opening ourselves to more security problems. Even the prudent ones have to be more prudent in order to have a very healthy and safe online experience. One really can't afford to be that careless anymore when it comes to security issues. Let's hope this new clan will prepare us better for the security challenges ahead.
It boggles my mind to think about the lack of security in the workplace. Forget the hazards of simply plugging in an iPod or external hard drive, or Gmailing oneself sensitive files... what about the fact that most employees are carting their laptops around town, to and from work, on the train, etc.? How many employees have left these laptops behind somewhere, whether intentionally (in a car) or on purpose (in a cab). Or, how many employees are carelessly using their company laptop to connect to WiFi hotspots -- or even their own unsecured network at home? None of the above bodes well for the safety of the enterprise. I'm curious to see the outcome of the first security clan reader poll (Virtual Self Defense). It would also be interesting to note the precautions readers take on their personal machines vs. the precautions they take on their work machines.
The concept of "security is everyone's business" in itself is self defeating as anything that is everyone's business is not secure. That said, I had the experience of examining a published technology security policy from a local business with about 250 electronic seats and probably 350 devices that have access internally and externally. The security policy for the average users and managers consisted of about two pages of documentation. There were no policies or procedures outlining the most basic of best practices, no guidelines listed for sequence of action in the event of some sort of failure, and not even a phone number to call in the event of a suspected breach. I was simply amazed this extremely successful and multi generational, growing and profitable, family based business has survived this long into the technology age without some sort of major catastrophic failure related to security practices.
I also noticed, upon trying the simple task of installing a CD into an accessible drive bay, that it loaded and installed with no administrator privileges required. During a break I noticed a couple of the managers updating their personal stock portfolios and bidding on items for sale. I noticed another department was utilizing the web for the first industry to utilize its power of commerce (the same industry that jump-started the mail order industry)... basically pictures of ladies with less clothes on than a g-string...
Now "security" is a big word and even larger topic. It covers everything from what not to say, to what not to click, to doorlocks, paper shredders, mute buttons, and today it covers anything that can be transmitted from cell phones, GPS data, broadband, modem, the various wireless technologies, and even bluetooth communications with your vehicle computer system. No hard drive is safe from forensics short of a nuclear blast, and nobody truly knows who has been tracking what, for how long, why, and nobody can predict how any accumulated data will eventually be utilized.
I do know enough about the general topic of security so that when I start to go beyond basic policies outlined in operating system manuals, router instructions, and basic common sense it is time to call in "experts", yet even the input from the best in their disciplines cannot provide a truly secure environment, as someone beyond reproach and beyond reasonable corruptibility (yes, I saw The Dark Knight this past weekend) must somehow be able to architect, design, flowchart, streamline, and accommodate the ever-present "exceptions" that must be maintained so a company can maximize profitability.
Great topic. I joined the clan and am looking forward to learning a lot and based on my hopefully increased knowledge becoming even more cautious than I have already become.
Just last week, the HP vice-president indicted for leaking trade secrets from his former employer, IBM, pleaded guilty.
With the widespread use of 2.0 technologies, anyone (unintentionally or not) can leak secrets. There are some cases of bloggers finding out about mergers by seeing someone's Facebook status and a couple of Tweets.
Companies normally don't offer enough information on the topic, as sometimes they don't even know where to draw the line. But as you mention, it's in everyone's job description.