On The Alert - InformationWeek
09:10 AM
[Cyber Attackers] How They Research Your Organization & What To Do About It
Jul 13, 2017
In this eye-opening webinar, you'll learn how attackers can take advantage of your website, employ ...Read More>>

On The Alert

Information-security policies are getting people's attention far outside the IT department

Everyone talks about "increased awareness" of security since Sept. 11. Here's what increased awareness looks like.

Mike Engle, VP of information security at investment bank Lehman Brothers Holdings Inc., sent a pair of interns on a mission to ferret out unauthorized wireless access points that create potential vulnerabilities to the IT network's security. So what was the reaction when two unknown faces wandered by the desks of traders and analysts, taking notes on a notebook computer? A flurry of calls to security guards and a few direct confrontations. "They had people on every floor jumping up," Engle says. "The interns almost got jacked up on one floor."

Before Sept. 11, employees probably wouldn't have been so quick to notice a strange face and take action. The biggest change at many companies is that a lot more people have come to see security as a component of their job responsibilities. Half of companies put a greater emphasis on information security and physical security since Sept. 11, according to an InformationWeek Research survey of more than 1,500 business-technology managers. Fifty percent say they've made significant changes to their strategies or policies related to information security. Engle says that now, when a Lehman Brothers department creates a new application, it brings in someone from the security team at the onset to head off potential problems. "In the old days, we would have been scrambling after the changes to the network," he says.

A YEAR OF CHANGELate last year, FedEx Corp. created the job of chief information security officer, a move it was considering before Sept. 11 and that jumped up the priority list after the attacks. FedEx has always been serious about protecting customer information, but the attacks raised the profile of security issues throughout the company. "We've propelled it from the bowels to the boardroom of the organization in the last eight months," says David Zanca, the new chief information security officer and a 10-year FedEx veteran.

The security officer at a major paper-goods producer says that before Sept. 11, his company would only periodically scan for weaknesses in networks and applications that could allow a security breach. "Now we scan every quarter, internally and externally. We're staying much more on top of things," says the executive, who asked not to be identified.

Companies once keen to put loads of information on their Web sites now are more careful. Burlington Northern Santa Fe Corp. removed its rail-freight schedules from the Web. The railroad had a good reason for posting such information--train buffs and hobbyists love that kind of data and aren't happy it's gone--but the company decided post-Sept. 11 that those details made it too easy to track the locations of its trains. The government has been particularly diligent about removing information, such as building floor plans, VIP itineraries, and the locations of sensitive facilities, that could make a terrorist's task easier, Gartner analyst John Pescatore says. "It was crazy having this information available on the Web," he says, "and pulling it offline is a prudent thing to do."

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll