Security // Compliance
Commentary
3/22/2012
04:49 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

How To Make Information Security Everyone's Problem

Use self-interest and propaganda to change employees' attitudes about endpoint security.

IT pros tend to focus solely on technology to solve endpoint security problems. After all, if malicious software is the poison, it's logical to look to signatures, heuristics, and cutting-edge detection for the antidote. But that's a mistake. Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so.

That means everybody has to be part of the security program. And the message that security is important has to come from the top and reach all levels of the organization.

Of course, it's easy to say, "Get everyone on board with security." It's hard to make it happen. You can dramatically increase the priority placed on information security through good processes and, dare we say, propaganda campaigns. A blend of policy, human resources management, and good old-fashioned self-interest can get employees to take your security program seriously.

Infographic: 6 Ways To Make Users Care About Security

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Apprentice
3/27/2012 | 4:18:09 AM
re: How To Make Information Security Everyone's Problem
"Human vulnerabilities--ignorance, inattention, gullibility--are just as exploitable as software vulnerabilities, if not more so." -- Very true.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Sam Iam
50%
50%
Sam Iam,
User Rank: Apprentice
3/28/2012 | 12:32:42 AM
re: How To Make Information Security Everyone's Problem
I think the cure is often, not always, worse than the disease in the case of IT security. Installing anti-virus software on PCs for instance. Good thing you have that anti-virus software on your PC, otherwise someone could install software that slows down your system and puts annoying pop-ups all over the place... which is exactly what the anti-virus software itself does to your system.

Think about the collective amount of time and money (money in form of productivity) that goes into something like 60-90 day password changes. It has to be in the billions across all companies. Not to mention that people need to store their passwords somewhere, like on a post it note, so they don't forget their many, constantly changing passwords... which, again, is more of a security vulnerability than not requiring forced changes in the first place.

I am not saying that people should drop IT security altogether, just that they should stop treating every end-point as if there is an army of hackers bound and determined to crack it. Often times people implement the most elaborate IT security measures under the sun to protect data which isn't of particular value to anyone.

A lot of IT security, if we are honest, is like putting your head under your desk in the case of a nuclear attack. If a talented hacker wants into, for instance, a Windows network, you are not going to be able to stop them regardless of your security standards.
jfeldman
50%
50%
jfeldman,
User Rank: Strategist
3/29/2012 | 6:36:06 PM
re: How To Make Information Security Everyone's Problem
Best comment ever: "A lot of IT security, if we are honest, is like putting your head under your desk in the case of a nuclear attack."
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.