Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


PEOPLE "WEAKEST LINK" IN SECURITY EFFORTS

Source: IDG News Service

Posted on November 5, 2001

      Humans may be the weakest link in securing information systems, according to a panel of experts at a conference organized by the Computer Security Institute last week.

      A panel during the conference's Wednesday morning session was dedicated to examining the role that people play in securing digital information. CSI is a membership organization that provides training and events related to information security. Senator Bob Bennett, a Republican from Utah who is a member of the Republican High Tech Task Force, introduced the session by calling on the audience of security professionals to make contributions to their company's information security that go beyond technology and engineering.

      "Computers can't protect, only people can protect," he said.

      Specifically, Bennett urged the audience to convince their company executives that data is as important to a business as capital is. "American business has to start to think of data with the same reverence that it thinks of money," Bennett told the audience, many of whom nodded their heads in agreement.

      A company's chief financial officer builds layers of control around handling money, such having more than one person sign checks or hiring outside firms to perform audits on accounting books. "There are redundancies to protect the money, we need the same kind of attitude to protect data," he said.

      The senator asked the audience to make their companies' executives realize this, by coming out of "Nerdville" and demonstrating that their concerns about information security are rational and appropriate.

Assessing Vulnerability

      Following the senator's speech, a recently formed group called the Human Firewall Council announced a downloadable free utility that lets visitors assess their organizations' security awareness by answering survey questions. According to Doug Erwin, council member and chief executive officer of PentaSafe Security Technologies, 350 individuals have already taken the survey, and many of them did not score well.

      Beyond answering the survey questions, Erwin told the audience to challenge existing security policies that don't make sense to them, and to become company evangelists for protecting data. Securing company information "is not just the security manager's job, it's everyone's job," he said, adding that in the chain of security, people are "the weakest link."

      Brett Hovington, council member and national coordinator for the FBI's National IfraGard Group, said that understanding the human component, or identifying who is behind the keyboard, is essential to solving information security breaches. The FBI has begun profiling cyberintruders, much as it does serial killers, to help agents understand behavior and motivations behind attacks and hopefully identify attackers.

      Another council member, independent security consultant Charles Cresson Wood, lauded President Bush for establishing an executive organization to head up security, after the terrorist attacks of September 11. He suggested businesses do the same. "President Bush is doing what every organization should do, creating a new organizational unit to come to terms with new threats," Wood said, referring to the U.S. Office of Homeland Security.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.