Strategic CIO // IT Strategy
Commentary
3/22/2012
04:49 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

How To Make Information Security Everyone's Problem

Use self-interest and propaganda to change employees' attitudes about endpoint security.

IT pros tend to focus solely on technology to solve endpoint security problems. After all, if malicious software is the poison, it's logical to look to signatures, heuristics, and cutting-edge detection for the antidote. But that's a mistake. Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so.

That means everybody has to be part of the security program. And the message that security is important has to come from the top and reach all levels of the organization.

Of course, it's easy to say, "Get everyone on board with security." It's hard to make it happen. You can dramatically increase the priority placed on information security through good processes and, dare we say, propaganda campaigns. A blend of policy, human resources management, and good old-fashioned self-interest can get employees to take your security program seriously.

Infographic: 6 Ways To Make Users Care About Security

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jfeldman
50%
50%
jfeldman,
User Rank: Strategist
3/29/2012 | 6:36:06 PM
re: How To Make Information Security Everyone's Problem
Best comment ever: "A lot of IT security, if we are honest, is like putting your head under your desk in the case of a nuclear attack."
Sam Iam
50%
50%
Sam Iam,
User Rank: Apprentice
3/28/2012 | 12:32:42 AM
re: How To Make Information Security Everyone's Problem
I think the cure is often, not always, worse than the disease in the case of IT security. Installing anti-virus software on PCs for instance. Good thing you have that anti-virus software on your PC, otherwise someone could install software that slows down your system and puts annoying pop-ups all over the place... which is exactly what the anti-virus software itself does to your system.

Think about the collective amount of time and money (money in form of productivity) that goes into something like 60-90 day password changes. It has to be in the billions across all companies. Not to mention that people need to store their passwords somewhere, like on a post it note, so they don't forget their many, constantly changing passwords... which, again, is more of a security vulnerability than not requiring forced changes in the first place.

I am not saying that people should drop IT security altogether, just that they should stop treating every end-point as if there is an army of hackers bound and determined to crack it. Often times people implement the most elaborate IT security measures under the sun to protect data which isn't of particular value to anyone.

A lot of IT security, if we are honest, is like putting your head under your desk in the case of a nuclear attack. If a talented hacker wants into, for instance, a Windows network, you are not going to be able to stop them regardless of your security standards.
Bprince
50%
50%
Bprince,
User Rank: Apprentice
3/27/2012 | 4:18:09 AM
re: How To Make Information Security Everyone's Problem
"Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so." -- Very true.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Transformative CIOs Organize for Success
Transformative CIOs Organize for Success
Trying to meet today’s business technology needs with yesterday’s IT organizational structure is like driving a Model T at the Indy 500. Time for a reset.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.