Risk Management: 12 Keys for Locking Up Tight

By Angela Genusa
Thu, March 01, 2001

CIO — In a perfect world, a bit of common sense and a dash of due diligence would protect us from hackers, saboteurs and the common cold. Well, the world isn’t perfect, and we know we can never be completely secure. There is a measure of safety to be gained by following a formula of threat education, security breach prevention and risk mitigation. n "There’s no single answer," says Bruce Schneier, CTO of security consultancy Counterpane Internet Security in San Jose, Calif., and the author of Secrets & Lies: Digital Security in a Networked World (Wiley, John & Sons, 2000). "I can’t say, ’Do these seven steps and you’ll be magically secure.’" Although every organization’s security infrastructure must be unique to be effective, Schneier and other experts point to the following essential ingredients. Pay close attention to these basic security issues.

1 Establish Accountability

Companies have traditionally relegated security to IS, viewing it merely as an administrative function and expense. However, security can no longer be a closeted IT function, says Michael Assante, cofounder and chief intelligence officer of LogiKeep, a security consultancy based in Dublin, Ohio. "It’s got to be a boardroom issue and not a backroom issue. It needs to become part of a business decision-making process, looking at system survival and business continuation issues. Accountability should fall on the shoulders of the business decision makers."

As the liaisons between operations and management personnel, CIOs are uniquely positioned to champion IT security issues in their organizations, according to John S. Tritak, director of the Critical Infrastructure Assurance Office with the U.S. government. CIOs and other senior IT executives need to cultivate and maintain close relationships with senior operations, telecommunications, physical security, human resources and other executives in their organizations to develop and implement a comprehensive IT security plan.

CIOs must have the authority and the autonomy to immediately address security issues or react to breaches quickly, says the executive vice president of IT at a Fortune 500 financial services corporation. "You can’t create a ton of bureaucracy that makes it impossible for you to act or quickly react," he says. "It’s called accountability."

Some companies are hiring vice presidents of security and chief information security officers (see "Someone to Watch Over You," Page 82) to put policy, processes and methodology in place. Some are hiring chief privacy officers (see "Oh No, Not Another O!" CIO, Jan. 15, 2001) to oversee privacy issues. However, these positions must be more than window dressing, security experts say.

Continue Reading

Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make to help achieve project success.
This paper explores the concept of content-aware IAM, describes the integrated architecture for this new approach, and highlights the benefits that this approach provides.
One of the key strategies that IT teams are pursuing to reduce capital costs while boosting asset utilization and employee productivity is the transition to highly virtualized data centers. However, IDC finds that expectations for further boosts in IT asset use and operational efficiency often surpass the actual results for a variety of reasons. These problems can quickly overwhelm any hoped-for benefits as the scope of virtual server deployment expands.
For your IT organization to keep pace with the business, you need a new, faster approach to infrastructure deployment-an approach that increases agility and accelerates time to application value. That's HP Converged Systems. Built on Converged Infrastructure, these systems deliver the industry's first portfolio of pre-integrated, tested, and optimized infrastructure solutions for applications running in virtual, cloud, dedicated, or hybrid environments.
The nature of the blade platform makes system management, monitoring and provisioning easy and efficient. Access this resource to learn how blade migration will save your data center time and money while increasing performance.
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations
Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business
Applications are changing - they're increasingly web-oriented, global in nature and run from multiple device types. Additionally, the volume of data is growing exponentially every year. How do you ensure your applications have fast, accurate, up-to-date information in this new world? Modern applications are data-intensive; delivering data the old way using monolithic databases isn't working. What's needed is a modern approach to data. One that scales-out as needed and delivers predictable high performance, but without sacrificing data consistency or integrity.
VMware View™ 5 simplifies IT management while increasing end user freedom by delivering desktop services from your cloud. Building upon VMware's leadership in desktop virtualization, VMware View 5 delivers a high-performance user experience while giving IT greater policy control.

View this webcast and find out how VMware View 5 can help you:
- Deliver the highest fidelity experience of desktop services across any device and any network
- Simplify and automate IT management, security and control of desktop services
- Reduce the costs associated with your desktop environment
IT professionals are being asked to deliver faster "time-to-value" than ever before. An IDG Research survey found that CIOs are eager to invest in technologies that will enable them to get new applications and services up quickly, achieving faster time-to-value.
Learn how to reduce IT management overhead, ease revision control, guarantee data security, scale systems more quickly and reduce server and software costs.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all Newsletters | Privacy Policy
Resource Center