Pondering IT security basics

Illena Armstrong, editor-in-chief, SC Magazine

In this month's View from the Top feature, we get some insight into what a panel of 100 CEOs thinks about information security. What we found was that while many respondents are quite optimistic about information security risk planning, showing intentions to bolster their security practices in the next five years, they also seem to underestimate the IT security risks they face in a corporate world resting on a technological backbone.

It's worth reviewing the findings a little more: a majority of respondents don't have an official written information security policy, and 47 percent do not actively train employees on information security risks. After recently speaking with a CSO of a long-standing enterprise, I was troubled to find out that, as the economy continues its downward spiral, one of the first line items his company cut was IT security awareness training. Yet, given that social engineering, phishing and other end-user-focused attacks are alive and kicking, such training helps to address one of the more worrisome security problems with which he must struggle.

Another IT security leader at a large university just shared with me a phishing attack that is making the rounds in his college. Making requests of faculty, staff and students for webmail account information due to an impending website upgrade, the scam prompted some end-users to pass along their information to avoid any possible hiccups in service. He's now trying to determine the extent of the problem to ensure that no account holders gave up information that potentially could expose personally identifiable information. Meantime, he's sent out a note to all members of the college, explaining what to look for in official correspondence from university officials.

Although a few CEOs may indeed view some IT security practices as superfluous, the fact is there are fundamentals that just can't be underestimated. Policies, training and simple awareness campaigns that keep employees updated on risks and solutions can't be overlooked. Even if money's tight, these basics often can be executed inexpensively and can have a great effect on how employees think about IT security threats to corporate and their own personal information.

Speaking of employees, please help me to welcome our new reporter, Angela Moscaritolo. With a strong newspapering background, Angela's got a nose for industry news and is ready to hear from you.

 

 
