Access "IT security education climbs the corporate ladder"
This article is part of the May 2013 / Volume 15 / No. 4 issue of Compliance and risk modeling
It’s a recurring theme. Security is the IT department’s problem. We see it time after time. When asked about security, middle and senior management defer to IT managers and associated staff for answers. Delegating the technical aspects of security to IT departments, especially staff that specialize in security, makes sense. Middle and senior management should have input into decisions that affect everyday business operations, however. Do business managers possess enough IT security literacy to ensure IT practices and policies aren’t adversely affecting business productivity? Unfortunately, many times, they can’t even ask the right questions to determine if their input is needed or not. When a user’s account gets compromised at one organization that we know of, the user is locked out for 24 hours. The account is literally turned off. The person comes to work, but they can’t log into a single system to get anything done. This “24-hour lockout” policy was determined by the IT specialists who setup the authentication hardware. The policy wasn’t created by the ... Access >>>
Premium Content for Free.
Editor’s desk: A chat with Peter G. Neumann
by Kathleen Richards
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures.
Apple security update: Is it ready for the enterprise?
by Karen Scarfone
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.
- Editor’s desk: A chat with Peter G. Neumann by Kathleen Richards
Reframing compliance with a threat model
by Tony UcedaVelez
Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy.
Data breach protection requires new barriers
by Ernie Hayden, Contributor
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?
- Reframing compliance with a threat model by Tony UcedaVelez
Marcus Ranum: Q&A with clean-slate pioneer Peter G. Neumann
by Marcus Ranum
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with clean-slate luminary Peter G. Neumann of SRI International and formerly Bell Labs.
IT security education climbs the corporate ladder
by Doug Jacobson and Julie A. Rursch
Managers need more training about technical security threats and input into IT policies that threaten productivity.
- Marcus Ranum: Q&A with clean-slate pioneer Peter G. Neumann by Marcus Ranum
More Premium Content Accessible For Free
Unified threat management aspires to the enterprise class
Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become ...
Threat intelligence and risk: Why cybersecurity hangs in the balance
As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...
How to respond to the latest distributed denial-of-service attacks
All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...