Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Reed Elsevier

“Employees’ disregard of corporate IT policies

will increase as long as the policy is too rigid or impractical to

allow them to get their jobs done.”

Full article online here.

In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can’t get their jobs done without having to find a way to circumvent policy then the policy is wrong. Change it.

SearchCIO

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

The biggest IT spending drivers from TechTarget's 2020 IT Priorities Survey remain relevant amid the COVID-19 pandemic, although ...

How CIOs can combat the IT talent shortage

Research shows organizations are still struggling to bring in IT talent. We identify the reasons why there's a shortage and what ...

How companies can ensure success working from home

Analyst Andrew Hewitt explains how companies have adjusted to remote work, what they need to be effective now and what to ...

SearchSecurity

How to get actionable threat intelligence from tech tools

Even advanced threat intelligence tools can't do it all alone. Learn what it takes to parse actionable insights from the ...

AI threat intelligence is the future, and the future is now

Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn ...

Uncover and overcome cloud threat hunting obstacles

You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll ...

SearchNetworking

5 principles of the network change management process

Network change management includes five basic principles, including risk analysis and peer review. These best practices can help ...

Small vendors that stand out in network automation

When incumbent vendors fall short, enterprises should consider these small vendors for new approaches to analytics and network ...

Top 5 VPN myths and misconceptions for IT organizations

Although VPN technology has its challenges, various misconceptions exist that can muddle IT teams' understandings of VPNs. Here ...

SearchDataCenter

IBM layoffs target services, marketing employees

IBM layoffs under newly appointed CEO Arvind Krishna largely affect its Global Technology Services and marketing groups.

Microsoft supercomputer looks to create AI models in Azure

Microsoft has expanded its AI initiative up to the supercomputer market, unveiling a system focused on helping users build large ...

Data center liquid cooling market heats up

As organizations increase server rack density, more C-level execs investigate liquid cooling technology. Industry experts see ...

SearchDataManagement

Benefits of a data catalog and why you need one

Data catalogs help across enterprises, from breaking down data silos to ensuring data privacy. A new book from Technics ...

Instaclustr CTO on open source database as a service

Ben Bromhead, co-founder and CTO of Instaclustr, provides insight into the state of the open source database-as-a-service market ...

Percona users detail open source database challenges

Speakers from Shopify and LinkedIn outline open source database cloud and security challenges and best practices at the Percona ...

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Colin Beveridge - 4 Nov 2008 5:58 AM

Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security. Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance. I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation. My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page: http://tinyurl.com/5dmzap

Stuart King - 4 Nov 2008 8:03 AM

Thanks Colin - it's a useful guide.

Risk Management with Stuart King and Duncan Hart

Security policies are unrealistic

Join the conversation

2 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Top 2020 IT priorities hold fast amid COVID-19; spending takes hit

How CIOs can combat the IT talent shortage

How companies can ensure success working from home

SearchSecurity

How to get actionable threat intelligence from tech tools

AI threat intelligence is the future, and the future is now

Uncover and overcome cloud threat hunting obstacles

SearchNetworking

5 principles of the network change management process

Small vendors that stand out in network automation

Top 5 VPN myths and misconceptions for IT organizations

SearchDataCenter

IBM layoffs target services, marketing employees

Microsoft supercomputer looks to create AI models in Azure

Data center liquid cooling market heats up

SearchDataManagement

Benefits of a data catalog and why you need one

Instaclustr CTO on open source database as a service

Percona users detail open source database challenges

Join the conversation

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.