|
In addition to making sure new employees get the
system access they need and former employees' access
rights are terminated as soon as they leave the company,
Orozco works with IT on security policy development.
When she first joined the company, the IT director
expressed concern about the company's policies
on system use. "His argument was we need stronger
controls, and management's reply was that we can
trust our employees," she says. "So bridging that gap
between the two and coming up with policies that
would satisfy both has been important."
Today, Sonneborn has tight controls on Internet
use, and employees can't download programs onto its
systems. It also uses thin clients, and Orozco says the
company has been free of computer viruses for years.
In working with technology personnel, she's
learned that they're very structured and process
oriented. "As long as I have a process and good
checklist, it generally goes pretty well."
In the end, human resources and IT are similar
in that both are service oriented departments, she
says. "They're providing a service and I'm providing
a service."
Lee Kushne...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
r, founder and CEO of information security recruiting firm LJ Kushner and Associates,
also sees the similarity. "HR is shared service, just
like security. Security and HR have a lot in common
because they affect everybody" in the enterprise,
he says.
COLLABORATIVE CULTURE
Melody Silberstein, senior vice president of human
resources at Woodruff-Sawyer & Co., began working
more closely on security issues with her IT director
and IT manager about 14 months ago. The reason
was twofold: the San Francisco-based insurance brokerage
firm, which has 300 employees in six locations,
was kicking off its first in-depth disaster
recovery plan and also embarking on a review of its
security procedures.
Silberstein leads the disaster recovery planning,
which she says has involved understanding how
quickly the firm could get its systems back up and
running after an incident, revamping some systems
for better backup, and building awareness.
"So much of disaster recovery is getting people to
stop for a few minutes and think about what they'd
need if they had to walk out of the building and not
come back," she says.
|
 |
|
