Skip Links

Network World

  • Social Web 
  • Email 
  • Close

The human element in IT security

By Linda Brigance , CIO , 12/05/2007

The air express industry, like many other businesses, has rapidly transformed the way it serves customers over the past few years, through the aggressive and ingenious use of the latest IT. FedEx spends more than $1 billion every year on IT. Frederick W. Smith, founder of FedEx, once said, "The information about the package is as important as the package itself."

But these advances come with a price: the need to protect the system from damaging viruses, accidental data breaches and even deliberate attacks. Breaches can often start in a very personal way--with friends over a cup of coffee, at a café where employees go with a work PC and surf the net or do personal e-mail. Most of us are familiar with the technology fixes that form one side of the picture, including firewalls, passwords and digital certificates. However, the policy that supports these is equally important.

It is becoming vital for any successful global business not only to have an excellent security policy in place, but also to ensure that the policy is prioritized and communicated in an efficient and meaningful way.

A Vital Protection Tool

In the last six months in the U.S. , nearly 40 percent of firms surveyed by the Computing Technology Industry Association reported a major IT security breach. How many of these could have been prevented by considering the human element in the workplace? Many stemmed from the accidental loss of a laptop, Blackberry, or mobile device; employees using unsecured networks from home to conduct company business; or employees downloading unapproved software onto the company network. An effective security policy is, in short, a vital protection tool for any kind of enterprise.

The paradox is this: security policies often do not make it onto the management's radar screen until the organization has a major security incident. But the most effective policy is not one that is developed during a crisis, but rather, one that is developed, updated and communicated continuously after a systematic review of security needs.

The question then becomes, how are the best security policies developed? Large companies and those with the most at stake have put significant resources into this area. FedEx delivers more than 3.3 million packages each working day and the information that goes with them, and understands the significance of solid IT security--not only in the server room, but also in the boardroom.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.

Whitepapers

Advancing the Economics of Networking

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...

Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices

This paper reviews the problem of creating a network where the dynamic availability of services is...

Enterprise Data Center Network Reference Architecture

Using a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

Webcasts

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Harnessing the power of communications to increase workplace performance

Due to the convergence of IT and telecommunications technologies, the business workplace has been...

Stay out of the headlines: Detecting and preventing network intrusions

How do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

Special Reports

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

IP address management in 2008 - six things to know

Read this Network World Special Brief to learn how Enterprise IT managers must update their...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...