- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Think your security staffers are trustworthy? Competent? Knowledgeable? Ask a security professional for horror stories and you might think again.
Here's one from Kevin McDonald, executive vice president at managed services provider Alvaka Networks, a member of the national board of directors of the American Electronics Association and author of several books on cybersecurity. A construction company client of his had a senior IT person who was also in charge of security. Somehow, this head of security convinced the firm's owner that it would be cheaper to store the company's employee databases at his home, where he had fiber-optic lines already installed, rather than store those databases off-site.
You can see this one coming from a mile away: A conflict arose between employee and employer. Before you could say "internal threat," the head of security was sending threatening e-mails to the construction firm's customers, telling them that he had their private information.
The action "fundamentally put this guy out of business," McDonald says, reducing the construction company's contracts by some 70%. It took six months to shut the rogue employee down, given that -- of course -- he was an authorized user. Only when the employee threatened, publicly, online, to use the data in an illicit manner, was the FBI in Los Angeles able to enter the employee's home -- after the employee had already built a site and lain plans to put some hurt on his former employer.
It's a worst-case security scenario of hiring a nut case. Unfortunately, the security sector isn't immune from bozos, incompetents or know-nothings, whether in their midst or passing down decrees from above. Indeed, security pros are less likely to be judged on the merits of their output than are, for example, code jockeys. What gets in the way can be politics, bad luck, misguided C-level execs, out-of-control consultants, lack of communication, isolation from other parts of the business, blind faith in certifications or simply the difficulty of getting rewarded for what doesn't blow up.
And that's just a partial list.
But take heart. Good companies can weather bad apples in security. Herein, an outline of common security weak sisters, along with the tools on how to cut them off at the knees.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
Security AbsolutistsBy GodAndSecurity.Blogspot.com on July 21, 2008, 6:11 pmWhat about the "security absolutist"? Too many security professionals seem to love the power of bringing projects to a stop because "they aren't...
Reply | Read entire comment
View all comments