The widespread impact of the SQL Slammer worm in January 2003 highlighted an issue that most security professionals see as a basic fact – IT system security is not based on a single installation, but on an ongoing management of risks and vulnerabilities.
The ability to maintain a healthy balance between personal privacy and stringent enterprise security standards has been a sensitive and long-lasting struggle among security vendors and privacy advocate groups.
This question was raised at a recent shareholders meeting: “Can the Board of Directors assure us that this organization’s information security program is deployed fairly and legally in every jurisdiction in which we operate?”
If wireless were simply a matter of business expedience, and we ignored security concerns, it would be as ubiquitous today as laptops and cell phones – especially for the growing number of workers who depend on mobility to do their jobs and can’t afford to be tethered to a desk, office or single location.
As I write this article I note that Infosecurity Europe is currently conducting an online survey, asking participants to consider if they would download their list of contacts or competitive information, to take with them when they leave their current employment.
E-policy is a corporate statement and set of rules to protect the organization from casual or intentional abuse that could result in the release of sensitive information, IT system failures or litigation against the organization by employees or other parties.