Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Reed Elsevier

“Employees’ disregard of corporate IT policies

will increase as long as the policy is too rigid or impractical to

allow them to get their jobs done.”

Full article online here.

In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can’t get their jobs done without having to find a way to circumvent policy then the policy is wrong. Change it.

SearchCIO

OT security brings new challenges in the age of IoT

We're diving into the IoT security challenges CIOs need to be aware of as a result of integrating OT devices, which often work in...

The changing role of the CIO

The shift to a digital economy is dramatically changing the role of the CIO, from trusted IT operator to business strategist.

Book excerpt: Communication structures of an organization

The following is an excerpt from 'Team Topologies: Organizing Business and Technology Teams for Fast Flow,' by Matthew Skelton ...

SearchSecurity

DerbyCon panel discusses IT mistakes that need to stop

Common security risks can be mitigated or prevented, according to a panel at DerbyCon. But users need to feel empowered to speak ...

What it takes to be a DevSecOps engineer

To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. ...

FBI says $26B lost to business email compromise over last 3 years

On the same day that 281 suspects were arrested in business email compromise stings, the FBI said worldwide losses from BEC ...

SearchNetworking

F5 Networks updates NGINX Application Platform, other tools

Updates include improved security and observability features, a new developer portal, API importing and improved analytics and ...

Legacy tools encumber modern network infrastructure monitoring

Many IT teams still use older monitoring tools that provide limited visibility across multiple network environments. AI and ...

CenturyLink acquires Streamroot, adding P2P CDN capabilities

Peer-to-peer content delivery network technology from Streamroot will enable CenturyLink to reach underserved areas and offer ...

SearchDataCenter

IBM z15 mainframe secures data across multi-cloud environments

IBM unveiled the latest in its line of mainframes capable of processing 1 trillion web transactions a day. The IBM z15 ...

Data center management as a service launches DCIM to the cloud

DMaaS is an option for organizations that want to use cloud-based management. Though these offerings hold a lot of promise, there...

Decrease legacy hardware security gaps

Dated infrastructure poses security threats to organizations -- especially with the amount of sensitive data used today. Address ...

SearchDataManagement

Amazon Quantum Ledger Database brings immutable transactions

Based on technology built internally at Amazon, the tech giant's newest database provides a centralized approach for enabling a ...

Stibo Systems advances multidomain MDM system

The new Stibo Systems 9.2 update expands the MDM platform's features with Sisense business intelligence integration and machine ...

Cloudera Data Platform to debut, as big data fortunes waver

The interim CEO of Cloudera is cautiously optimistic about growth prospects as the big data vendor acquired Arcadia Data and ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Colin Beveridge - 4 Nov 2008 5:58 AM

Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security. Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance. I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation. My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page: http://tinyurl.com/5dmzap

Stuart King - 4 Nov 2008 8:03 AM

Thanks Colin - it's a useful guide.

Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

OT security brings new challenges in the age of IoT

The changing role of the CIO

Book excerpt: Communication structures of an organization

SearchSecurity

DerbyCon panel discusses IT mistakes that need to stop

What it takes to be a DevSecOps engineer

FBI says $26B lost to business email compromise over last 3 years

SearchNetworking

F5 Networks updates NGINX Application Platform, other tools

Legacy tools encumber modern network infrastructure monitoring

CenturyLink acquires Streamroot, adding P2P CDN capabilities

SearchDataCenter

IBM z15 mainframe secures data across multi-cloud environments

Data center management as a service launches DCIM to the cloud

Decrease legacy hardware security gaps

SearchDataManagement

Amazon Quantum Ledger Database brings immutable transactions

Stibo Systems advances multidomain MDM system

Cloudera Data Platform to debut, as big data fortunes waver

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.