There will never be an outright winner in the "arms
race" between those who wish to misuse data for their own ends and
organisations seeking to protect commercially sensitive information
or customers' privacy.
As technology changes, threats come from different directions.
The challenge is to spot them as soon as possible and take
effective action.
For many years the focus was firmly on the security of the
network, with the solutions being primarily technological, such as
firewalls, anti-virus software and intrusion detection systems.
Now, the importance of security policies within the organisation
is increasingly being addressed. But unless these are enforced,
they remain an academic exercise.
This is not about doubting the honesty of staff; it is merely
recognising that staff who do not realise the dangers, or do not know
how to minimise them, can create internal insecurity every bit as
threatening as a dishonest outsider.
"What characterises a good security function?" asks security
expert David Lacey in his Computer Weekly blog. "If I were forced
to select one thing, I would say it is the ability to close the
loop, to check that policies, standards and controls are being
implemented. Failure to do so is the most common reason for
ineffective security programmes."
If only information security were as easy as putting locks on
your windows and doors, installing a burglar alarm and feeling
satisfied that you have done what you can to keep the bad guys out.
That one-off fix is a luxury unavailable to organisations seeking
to keep essential business information protected.
Constant vigilance is the price of staying in business in the
information age, and that means effective security at every level
of the organisation.