Social engineering isn't a new concept - hackers for years have obtained confidential information by manipulating legitimate users into revealing it. But the rash of high-profile data thefts has put a big spotlight on what can happen when people give out sensitive corporate data without first verifying the recipient's identity and access privileges.
Ann Bednarz is a senior editor covering enterprise applications at Network World. She can be reached at mailto:abednarz@nww.com
Check Point's VPN-1 Edge W security device picks up wireless support
Network World, 05/30/05
Congress offers competing ideas on fighting ID theft
IDG News Service, 06/16/05
To help shore up the "human aspect" of an enterprise's security systems, Al Decker and Rebecca Whitener of the security and privacy services division at EDS have created a Top 10 list of how to create a culture of security in a company (see below).
I talked to Decker, executive director of security and privacy services at EDS, about the need for companies to balance security technology investments with employee training and provisions for policy enforcement. Those efforts need to encompass all employees - including those working in corporate offices, road warriors and home-based personnel.
When implementing security measures, many companies focus on the technology behind the processes but forget the people, Decker says. Yet if people don't have an understanding of a company's security policies and procedures, the systems won't stand up to threats.
"From my perspective, culture is by far the most significant portion of security," Decker says. "Security is about 20% technology, 80% the mindset of people using the technology."
It's critical that companies convey to their employees - local and remote - why security measures are important. Otherwise employees may view security measures simply as obstacles to getting their work done and try to circumvent those obstacles, he says. "Some employees see security as one more task they have to do to get the information they need, rather than something helping protect the value of the company."
Browse Newsletter categories: Branch Office Best Practices | Convergence | High Speed LANs | Identity Management | IT Careers and Training | IT Leadership | Linux | Messaging | Network Optimization | Network/Systems Management | New Data Center Strategies | Novell NetWare Tips | Optical Networking | Outsourcing | Security Strategies | Servers | Service Provider News Report | Small Business Technology | Storage in the Enterprise | Technology Executive | View from The Edge | Virus and Bug Patch Alert | VORTEX Digest | VPNs | Web Applications | Wide Area Networking | Windows Networking Strategies | Wireless in the Enterprise |
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
Emerson Network Power and its Liebert power and cooling technologies increase IT system flexibility and availability, while lowering the total cost of ownership.
Learn how to optimize power and cooling in network access rooms to keep equipment operating at peak performance and proactively monitor changes.
Read about Sequent and how they implemented a new data center to meet current requirements while easily scaling to support projected growth.
Reduce cooling system energy costs by 30 to 45 percent through five data center efficiency strategies.
