Features
- +
How to Save the Internet 12/05/2005 10:59:59
Imagine labels on software like those on cigarettes - Infosecurity General's Warning: The use of software and hardware that is not certified secure can harm your system and other people's systems, and you may be held liable for those damages.Computing on the Net is heading for a fall because security is a joke. So we summoned the best minds to see if we could put Humpty back together again. - +
The Four Stages of Enterprise Architecture 07/02/2007 14:04:06
An exclusive MIT survey maps the evolution of IT architecture and explains why you can’t skip any stepsIt was 1999, and addressing any potential Y2K flaws in all of State Street's computer systems consumed the giant financial services provider's IT attention. - +
A New Blueprint For the Enterprise 08/04/2005 12:30:47
Enterprise architecture is not just about mapping and standardizing hardware and software any more. Now it's about services, events and - get this - good old ROI. - +
Auction Blocks 22/09/2005 10:09:24
Criminals use online auctions as a place to unload stolen, diverted and counterfeit products. EBay does little to stop them, creating more work for CSOs. Here's what smart companies do. - +
Altered States 08/05/2002 11:45:00
It is a paradox that the one thing that does not change is change itself. Always there, energy sapping and confronting, change is a permanent feature in the modern corporate landscape. Beverley Head tracks its progressPeople are willing to change. They're just not willing to change continuously, says Dr Max Jory, a senior lecturer in psychology at Monash University."Change consumes a lot of our resources," he warns.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Enterprise security executives need to make practices such as safe USB use and discreet handling of patient or customer data as commonplace as not accepting luggage from strangers in airports or wearing a seat belt when driving.
But they can't do it alone; it takes an entire organization to secure corporate assets, protect data from breaches and make sure enterprise-wide risk remains low.
"Security is everyone's responsibility," says John Kirkwood, vice president of Information Security Strategy at American Express, who spoke recently at a seminar hosted by risk-management company Consul. Kirkwood, formerly chief information security officer at the financial services giant, says his role has evolved from security policy maker to enterprise risk-management evangelist. "Security has gone from being a server room concern to a boardroom type of issue," he says.
Part of the reason companies need to reprogram IT organizations, business managers and employees to approach security as a way of life is that so many breaches are the result of insider mistakes. According to the 2005 Computer Security Institute/FBI survey, the number of security events originating within an organization is equal to those propagated by external sources. Privileged users, who have more access than typical users, perpetrate 43.5 percent of those inside security events.
"Security has evolved beyond a centralized team, and it has evolved beyond networks, systems, applications and databases," says Paul Stamp, a senior analyst at Forrester Research. "Security can no longer exist in its stand-alone, enforcer function. It must exist as part of what everyone does, and it has to be created using a two-way flow of information between policy makers and business users."
Business unit unity
To establish a security culture within a company, a logical first step is for security managers to work with other IT departments, as well as business managers from human resources and legal, and then spread the word through awareness and training programs to the entire company population. The responsibility for security moves from a technical, protection role to one that could be seen as enabling the business to function more efficiently and with less worry, industry watchers say.
"Many business units can be hesitant to bring in security, because in the past it has required them to do more work for additional costs and really impeded how they operated," says Khalid Kark, a senior analyst with Forrester Research. "Security advocates have to educate the organization to incorporate security from the beginning of every project that comes along, because it is much more costly to retrofit."
Kark says security policymakers must build or adapt security practices around the way business units actually use systems and applications, rather than forcing a process or policy onto them.
"If you don't talk to application users, you are going to build policies that will be broken right out of the box," says Cory Elliot, IT director at Basic Energy Services. Elliot is working with the chief financial officer of the oil and gas services company to assess the entire company structure, establish a security framework and fill gaps in security policies. He says he realized early that without upper management support and user buy-in the security practice project would be dead in the water.
Computerworld Member Login
Realise Your VMware Vision: Storage Consolidation and Virtualization for Small to Medium Businesses
10:30 - 11am (EST, Sydney, Australia)
Wednesday, 4th June 2008
Screening live at your PC
Join Computerworld and our expert speakers:
- Jean-Marc Annonier, Research Manager, IT Spending, IDC
- Howard Porter, SMB Channels Manager, VMware
- Clive Gold, Product Marketing Manager Australia/New Zealand, EMC Corporation
to learn about the various virtualization technologies available today and what factors are driving it in small to medium businesses. Discover use cases and technologies that allow successful virtualization and storage consolidation for a more flexible IT infrastructure.
- +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years. - +
IT Security Edition #9: Inside the bug trade. 16/04/2008 09:08:12
This week guidelines are released for the mandatory reporting of security breaches and we go inside the black market bug trade.
F-Secure Represented On The International Advisory Board IMPACT 2008-05-16 13:42:00+10
Quantum announces General Availability of Industry's First Solution Designed to Match De-Duplication Functionality to Specific B 2008-05-16 10:44:00+10
Hansen Technologies Extends Contract With Tokyo Electric Power Company 2008-05-16 09:44:00+10
More Than 140 Higher Education Institutions Worldwide Use RightNow on Demand CRM 2008-05-15 18:06:00+10
DST International Names Rob Gould as Director of Business Development and Strategy for Australia 2008-05-15 15:40:00+10
Application Modernization: Preserving Your Organization’s DNA
Modernization has once again attained buzz-word status. But like any other term with billions of dollars swimming around it, modernization has taken on some unexpected connotations. Read on to discover how to embrace modernization in your organization successfully.
