On The AlertOn The Alert
Information-security policies are getting people's attention far outside the IT department
September 6, 2002
Jim Finn, a principal in the enterprise security consulting practice at Unisys Corp., says the primary information-security focus before Sept. 11 was enabling E-business, everything from making transactions more secure to making servers less vulnerable to hacker attacks. These elements remain important, but today the emphasis is broader, extending to business continuity and physical security. "The trend has become a more holistic view toward security," Finn says. Charles Kolodgy, a security analyst with IDC, says that instead of the surge in security-software spending that he expected, the events of Sept. 11 may have driven funding away from IT security and more to physical security at some companies.
Even On The Worst Of Days
"We had made the decision not to show my wife any of the horrible images being shown on the TV. Finally at 4:17 p.m., our beautiful baby girl was born, and there was nothing in the world that could take away this moment. Today, I look back at the tragedies of 9/11 and I hear the stories of how someone lost a loved one in the attacks. Then I look at my daughter, who is almost a year old. Her smile just melts my heart, and I realize that this is what life is all about. Things happen that take a toll on our beliefs and destroy our lives, but the world goes on. The most amazing miracle I have had the good fortune to experience happened on the same day so many people's lives were changed for the worst. Every day, the miracle of life, of love, and sometimes just plain old good luck happens to each and every one of us, and it's these miracles that we need to cherish and remember to help us deal with the horrible things that happen outside of our control."
-- Dan Donati, Santa Ana, Calif.
The possibility of blending physical and IT security has jumped at many companies, though most say this convergence is a long-term goal. FedEx's Zanca says there's been more collaboration between his group and the team that handles physical security. Joint projects include ongoing development of a smart-card system with a biometrics component to meet Federal Aviation Administration regulations related to employees with access to company aircraft.Security managers continue to show interest in tools such as employee smart cards and biometric systems that can identify a person via fingerprint or retinal scans. But implementation is often complicated and costly. "We started investigating a way to manage employee access to everything from building access to telecommunications on a single smart card," says a security administrator with a large Manhattan financial-services firm. The biggest obstacle in terms of cost and time would be integrating a new system with the existing telecom system and network.Despite the cost and time involved, the financial-services firm hasn't given up. Early next year, it will start a limited test of a system that it hopes will lead to a wider smart-card system that includes building, phone, and IT network access. Some departments, including IT, will be issued smart cards to gain access to sensitive areas within the offices. The ultimate goal, the administrator says, is for employees to be "able to access everything they need the day they start, and we're able to shut them off, with one flip of the switch, the day they're terminated or quit."Such cards might have helped the interns at Lehman earlier this year. Instead, Engle used a low-tech solution. "We printed up an ID card," he says, "and I wrote a note they carried that told anyone who had any questions to call me."Return to New Priorities
Return to Making Progress (Main Story)It's hard to believe it's been nearly a year since we were attacked. As predicted, life has changed. Please join us in remembering what each of us has lost and gained since Sept 11. Your thoughts will help everyone better understand where we are and where we're headed. Go to our Listening Post to share your experiences, some of which could appear in our pages.
About the Author(s)
You May Also Like
Edge Computing Bridges IT and OT People, Process, and Technology
From Data-Lock to Data-Driven: Effective Data Management for Financial Institutions
The Definitive Guide to Understanding IP Addresses, VPNs and their Implications for Businesses
Checklist: 7 Essentials for Securing Modern Applications
The New Frontier of Cyber Security: Securing the Network Edge