Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Reed Elsevier

“Employees’ disregard of corporate IT policies

will increase as long as the policy is too rigid or impractical to

allow them to get their jobs done.”

Full article online here.

In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can’t get their jobs done without having to find a way to circumvent policy then the policy is wrong. Change it.

SearchCIO

An introduction to intelligent document processing for CIOs

With IDP, enterprises can bring documents into automation workflows, which can help reduce document processing time and save on ...

Why CIOs need to establish an automation CoE

With organizations continuing to automate business processes across several departments at a rapid pace, it's time they consider ...

Is your company's IT governance strategy cloud ready?

As companies prepare to migrate to the cloud, they need to review their IT governance strategy before making any decisions to ...

SearchSecurity

For cybersecurity training, positive reinforcement is best

Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive ...

Why SASE should be viewed as an evolution, not revolution

The hype around secure access service edge (SASE) is palpable. But by taking a step back, security leaders can align an emerging ...

The 5 principles of zero-trust security

Zero trust is a journey, not a destination. Ensure your corporate network is safe from internal and external threats by ...

SearchNetworking

The power and plights of female network engineers

Impostor syndrome burdens female network engineers, due to discrimination, as well as a lack of representation and education. But...

Bye-bye ISR, hello Catalyst 8000 for Cisco SD-WAN

The new Catalyst 8300 Series of routers replace ISRs that customers said were ill-equipped to run the Cisco SD-WAN. Cisco also ...

Juniper's 128 acquisition needed to improve SD-WAN

Juniper Networks plans to 'enhance' its Contrail SD-WAN through the acquisition of 128 Technology. 128 has a more advanced SD-WAN...

SearchDataCenter

Top 4 ways to reduce data center power consumption

Infrastructure power requirements can drive up operating costs. Data center managers can cut their utility bills if they address ...

IBM cloud revenues climb as hardware continues to decline

IBM cloud revenues continue to increase as hardware sales drop, sharpening the company's strategy to focus on hybrid cloud.

Figure out the differences of asset management vs. CMDB

There is no shortage of software options for change management tools. Operational goals can help IT teams decide if ITAM or CMDB ...

SearchDataManagement

Growing enterprise benefits of augmented data management

Gartner predicts plenty of growth in the booming augmented data management market, which helps data professionals focus on ...

MongoDB Atlas now enables multi-cloud database clusters

Multi-cloud data portability comes to MongoDB Atlas with a new capability that will enable users to run a database application ...

How AI data privacy can help your enterprise

Enterprises benefit in many ways from AI data privacy tools that reduce the need for manual efforts from data professionals. Read...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Colin Beveridge - 4 Nov 2008 5:58 AM

Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security. Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance. I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation. My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page: http://tinyurl.com/5dmzap

Stuart King - 4 Nov 2008 8:03 AM

Thanks Colin - it's a useful guide.

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.