Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Reed Elsevier

“Employees’ disregard of corporate IT policies

will increase as long as the policy is too rigid or impractical to

allow them to get their jobs done.”

Full article online here.

In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can’t get their jobs done without having to find a way to circumvent policy then the policy is wrong. Change it.

SearchCIO

Cloud migration failures and how to prevent them

Companies are moving more applications than ever to the cloud, but many of these initiatives fail. Learn how to avoid making your...

Achieving business value from cognitive collaboration

CIOs can take advantage of AI to improve employee and customer collaboration with cognitive capabilities that are now available ...

3 ways to use quantum technology features in your enterprise

While quantum computers aren't available just yet, there are other properties to consider, such as quantum sensors and quantum ...

SearchSecurity

Imperva breach update puts blame on exposed AWS API keys

Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor ...

Cybersecurity threats on the rise, prey on human nature

Cybersecurity attacks continue to rise, taking advantage of network vulnerabilities -- and human ones. First National Technology ...

Palo Alto launches new version of Demisto SOAR platform

New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile ...

SearchNetworking

After ransomware virus, Merck's medicine was network automation

After a ransomware attack, Merck decided the best remedy was to deploy network automation tools designed to transform how it ...

5 steps to follow in a network security audit checklist

Planning, execution, analysis, reporting and follow-up are the basic elements of a network security audit checklist. But ...

Top 3 network security threats and how to protect against them

Enterprise networks are seemingly always under attack. Learn about the most common network security threats and what protections ...

SearchDataCenter

IBM quantum computers' usefulness in sight -- using binoculars

IBM's Bob Sutor discusses Big Blue's new quantum systems and computation center, the realities of quantum computing today and how...

Addendum sets ASHRAE 90.4 as energy-efficiency standard

The publication of ASHRAE 90.4 in 2016 brought a new set of energy guidelines, but the industry still used Standard 90.1. A new ...

How to realize the benefits of software-defined infrastructure

Software-based infrastructure and services can streamline management and application data. Before you add them to your data ...

SearchDataManagement

PostgreSQL 12 boosts open source database performance

Widely used open source PostgreSQL database platform gets a major update providing users with new SQL query capabilities for JSON...

Data integration vs. ETL in the age of big data

Data integration provides a consistent view of business performance across multiple data sources, though it needs to keep up with...

5 steps to an improved data quality assurance plan

Consultant David Loshin offers tips on developing a data quality strategy that can help identify data errors before they cause ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Colin Beveridge - 4 Nov 2008 5:58 AM

Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security. Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance. I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation. My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page: http://tinyurl.com/5dmzap

Stuart King - 4 Nov 2008 8:03 AM

Thanks Colin - it's a useful guide.

Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Cloud migration failures and how to prevent them

Achieving business value from cognitive collaboration

3 ways to use quantum technology features in your enterprise

SearchSecurity

Imperva breach update puts blame on exposed AWS API keys

Cybersecurity threats on the rise, prey on human nature

Palo Alto launches new version of Demisto SOAR platform

SearchNetworking

After ransomware virus, Merck's medicine was network automation

5 steps to follow in a network security audit checklist

Top 3 network security threats and how to protect against them

SearchDataCenter

IBM quantum computers' usefulness in sight -- using binoculars

Addendum sets ASHRAE 90.4 as energy-efficiency standard

How to realize the benefits of software-defined infrastructure

SearchDataManagement

PostgreSQL 12 boosts open source database performance

Data integration vs. ETL in the age of big data

5 steps to an improved data quality assurance plan

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.