Rather than belabour the PW issue, there are certainly far better ways (including more secure and efficient) for securing corporate enterprises all the way down to permitting private visitors access to your data. What part of utilizing existing technology doesn't make sense to implementation of a higher level of metrics to security? Certainly MS itself has danced around the biometrics security issue with capabilities of fingerprint readers (see their own post issue regarding changing the same @ http://support.microsoft.com/kb/899626) among other readers, so why not solve the issue by driving hardware and software in that direction once and for all?
In fact even homeland security is a good resource for the encouragement of biometric ID as well as USCIS (http://www.uscis.gov/portal/site/uscis/menuitem.5af9bb95919f35e66f614176543f6d1a/?vgnextchannel=9059d9808bcbd010VgnVCM100000d1f1d6a1RCRD&vgnextoid=b3be194d3e88d010VgnVCM10000048f3d6a1RCRD).
Considering the vulnerability of data both from inadvertent theft (lazy or ineffective regular password modification) through ignorance up to corporate espionage (poor corporate security implementation) wouldn't the addition of a hardware and software security implementation be worth it? Consider the potential cost to a corporation, its data loss and proprietary technology! Using biometrics provides for the relatively easy identification of all log ons and the user unique identity. All legitimate users shouldn't consider this to be any kind of invasion of privacy, if in fact the person wants to express themselves honestly and be a legitimate data accesser, wouldn't you agree? I only can see that there would be a problem with those who would not want to be forthright in identifying themselves anyhow if their intent was to be dishonest!
Either way there needs to be a person that is responsible for information security in general and only focuses on this effort all day long. The CIO is not able to do this since he's being pulled in every direction all day long.
If it's an SVP or CISO it really doesn't matter to me. I've seen people in the past that were SVPs that had the title of CISO, so the title doesn't really matter as long as they have the power to get things done and bring information security, not just network security, to the board level.
I completely agree with your second paragraph. We can make the argument all day long about strong passwords and training of employees but if there are gaps in our IT systems, then such efforts won't take us anywhere. Your closing thought in that second paragraph is very spot on. How many times do we think of issues like password security at the very onset of developing an IT system? As is often said, security is always an afterthought and as a result therefore, we are always chasing shadows trying to fill the gaps left by such a systems' mindset.
If there is accountability across the board, you don't need a new person to step in to check about security. If there isn't accountability, a new C-level exec would have little influence - or too much. But it's convenient to think you can fix this without systemic change.
Good security decisions start with good IT decisions. Requiring great passwords isn't a good solution, since users have every motivation to make it easy for themselves. Requiring training is no panacea, since most trainings are useless - and a waste of time. What is needed is the mindset that systems must be built to standards that make security and resiliency priorities.
Companies need to focus on building things for the long term to do this, and not to appoint a new officer to take the blame when it fails. The existing C-level execs need to make a culture where short term decisions that sacrifice long term priorities for convenience or hitting deadlines become a career killer. That's true for reputation, for security, for resilience, or to be clearer: for anything that matters to CEOs except short term profits. And this means they need to make a choice; invest and prevent these failures, or increase their risk. If only I didn't know what many CEOs will do when faced with this choice - take a bigger paycheck for last quarter's profits, and make sure a scapegoat is in place.
Many organizations have a CIO, and a Chief Security Officer - a post which long predates major concerns about digital security. We must always remember that security does not begin and end with networks. It's also all about locks on doors, for example.
What is needed in those cases is a clear understanding of who is accountable for what.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.