The article I chose for this week’s post discusses the various interval threats faced by organizations to their information security. He listed 10 breaches that took place at an organization in which he was working, and labeled them “the oops.” Most of them are instances of actions which inadvertently affected the state of the company’s information security. For example, an executive who plugs his personal computer into the network and unleashes a virus, or a failure to remove a departing employee’s login from the system. He was later able to go back in and access information. Another example involved an IT member who purposely built a route around the firewall because the firewall was too difficult to maintain. This was in place for five years before discovery and manipulation by a hacker. The author provided some other examples of internal breaches, but the majority of of items on the list were “oops.” These three incidents, as well as the others in the article, could have been avoided through awareness and skills training. He went on to list some other factors that may have caused “the oops” problems such as, lapse in judgment, accident, mistake, sheer stupidity, full moon.” However, I think training, which leads to better awareness, would have been enough to eliminate the emergence of these situations. Except maybe for the full moon.
I think training in information security is critical. I worked for a corporation that was very conscious of not only security the digital data, but the physical data as well. Over the last year, they instituted new practices and procedures for the protection of physical assets that, while a pain in the ass to follow at times, make a lot of sense. I’m not going to go into what they guidelines are, or how they were changed, because it is part of their internal policy. But back to the main point, we had to undergo a lot of training so that we could understand and practice the new rules, We were also trained on the repercussions of we failed to follow them
No comments:
Post a Comment