Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Reed Elsevier

“Employees’ disregard of corporate IT policies

will increase as long as the policy is too rigid or impractical to

allow them to get their jobs done.”

Full article online here.

In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can’t get their jobs done without having to find a way to circumvent policy then the policy is wrong. Change it.

SearchCIO

IT workforce skews younger, says analysis of US data

The IT workforce is getting younger, according to government IT workforce data. The reasons for this are subject to a debate that...

Top edge computing trends to watch in 2020

Edge computing is still an evolving technology domain and enterprises should expect continued evolution in the year ahead. Here ...

Shell, Halliburton, Unibap AB execs share real-world AI strategies

Technology advances like quantum computing mean AI's best years are still to come, but that doesn't mean companies aren't already...

SearchSecurity

City of Pensacola hit by ransomware attack

A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the...

Ryuk ransomware change breaks decryption tool

The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, ...

Use a data privacy framework to keep your information secure

Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both ...

SearchNetworking

Test your knowledge of SD-WAN deployments and testing

As SD-WAN becomes more mainstream, organizations must learn what to expect during all phases of deployment. Try your knowledge of...

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...

SearchDataCenter

Comparing Linux distributions: Red Hat vs. Ubuntu

Before selecting a Linux distribution, compare Red Hat Enterprise Linux and Ubuntu when it comes to features, ease of use, ...

Get eco-friendly with LEED data center certification

The U.S. Green Building Council helps companies make existing and new data centers eco-friendly. HVAC, lighting and monitoring ...

Top 4 open source automation tools for admins

Open source offerings are an easy way to bring automation into your organization. When selecting software, evaluate the user ...

SearchDataManagement

Data warehouse technologies evolve as vendors look skyward

The need for high-speed analytics and low latency are pushing data warehousing vendors to create and reinvent their platforms and...

Top database cloud migration considerations for enterprises

As the amount of incoming data grows, many organizations are switching to cloud databases. Understanding what database best meets...

Amazon cloud database and data analytics expand

AWS expands its Redshift data warehouse capabilities including managed storage and query acceleration at the re:Invent 2019 ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Colin Beveridge - 4 Nov 2008 5:58 AM

Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security. Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance. I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation. My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page: http://tinyurl.com/5dmzap

Stuart King - 4 Nov 2008 8:03 AM

Thanks Colin - it's a useful guide.

Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

Shell, Halliburton, Unibap AB execs share real-world AI strategies

SearchSecurity

City of Pensacola hit by ransomware attack

Ryuk ransomware change breaks decryption tool

Use a data privacy framework to keep your information secure

SearchNetworking

Test your knowledge of SD-WAN deployments and testing

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

SearchDataCenter

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

Top 4 open source automation tools for admins

SearchDataManagement

Data warehouse technologies evolve as vendors look skyward

Top database cloud migration considerations for enterprises

Amazon cloud database and data analytics expand

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.