Rather than belabour the PW issue, there are certainly far better ways (including more secure and efficient) for securing corporate enterprises all the way down to permitting private visitors access to your data. What part of utilizing existing technology doesn't make sense to implementation of a higher level of metrics to security? Certainly MS itself has danced around the biometrics security issue with capabilities of fingerprint readers (see their own post issue regarding changing the same @ http://support.microsoft.com/kb/899626) among other readers, so why not solve the issue by driving hardware and software in that direction once and for all?
In fact even homeland security is a good resource for the encouragement of biometric ID as well as USCIS (http://www.uscis.gov/portal/site/uscis/menuitem.5af9bb95919f35e66f614176543f6d1a/?vgnextchannel=9059d9808bcbd010VgnVCM100000d1f1d6a1RCRD&vgnextoid=b3be194d3e88d010VgnVCM10000048f3d6a1RCRD).
Considering the vulnerability of data both from inadvertent theft (lazy or ineffective regular password modification) through ignorance up to corporate espionage (poor corporate security implementation) wouldn't the addition of a hardware and software security implementation be worth it? Consider the potential cost to a corporation, its data loss and proprietary technology! Using biometrics provides for the relatively easy identification of all log ons and the user unique identity. All legitimate users shouldn't consider this to be any kind of invasion of privacy, if in fact the person wants to express themselves honestly and be a legitimate data accesser, wouldn't you agree? I only can see that there would be a problem with those who would not want to be forthright in identifying themselves anyhow if their intent was to be dishonest!
Either way there needs to be a person that is responsible for information security in general and only focuses on this effort all day long. The CIO is not able to do this since he's being pulled in every direction all day long.
If it's an SVP or CISO it really doesn't matter to me. I've seen people in the past that were SVPs that had the title of CISO, so the title doesn't really matter as long as they have the power to get things done and bring information security, not just network security, to the board level.
I completely agree with your second paragraph. We can make the argument all day long about strong passwords and training of employees but if there are gaps in our IT systems, then such efforts won't take us anywhere. Your closing thought in that second paragraph is very spot on. How many times do we think of issues like password security at the very onset of developing an IT system? As is often said, security is always an afterthought and as a result therefore, we are always chasing shadows trying to fill the gaps left by such a systems' mindset.
If there is accountability across the board, you don't need a new person to step in to check about security. If there isn't accountability, a new C-level exec would have little influence - or too much. But it's convenient to think you can fix this without systemic change.
Good security decisions start with good IT decisions. Requiring great passwords isn't a good solution, since users have every motivation to make it easy for themselves. Requiring training is no panacea, since most trainings are useless - and a waste of time. What is needed is the mindset that systems must be built to standards that make security and resiliency priorities.
Companies need to focus on building things for the long term to do this, and not to appoint a new officer to take the blame when it fails. The existing C-level execs need to make a culture where short term decisions that sacrifice long term priorities for convenience or hitting deadlines are a career killer. That's true for reputation, for security, for resilience, or to be clearer: for anything that matters to CEOs except short term profits. And this means they need to make a choice; invest and prevent these failures, or increase their risk. If only I didn't know what many CEOs will do when faced with this choice - take a bigger paycheck for last quarter's profits, and make sure a scapegoat is in place.
Many organizations have a CIO, and a Chief Security Officer - a post which long predates major concerns about digital security. We must always remember that security does not begin and end with networks. It's also all about locks on doors, for example.
What is needed in those cases is a clear understanding of who is accountable for what.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.