- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Doing Your Sums on . . . Build, Buy or Rent 05/11/2007 13:32:30
You’re trying to build a world-class IT team, but everyone’s going after the same talent pool. What mix works best? Should you grow your own, draft your players or barter your way to the line-up you want to field?CIOs should never forget that while new technologies have a maturity cycle, the maturity cycle for human beings in IT is even longer - +
Order Takers to Innovators 02/10/2007 15:20:08
How four CIOs energized their staffs to take risks with new technology and generate fresh value for their businessesWhen David Behen became IT director for Washtenaw County, Michigan, the department was little more than an order-taker. And not a very good one. It was kind of like the waiter who makes you wait, then brings the entree with the mains and brings you a bottle of Grange when you asked for a carafe of the house red - +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Enterprise security executives need to make practices such as safe USB use and discreet handling of patient or customer data as commonplace as not accepting luggage from strangers in airports or wearing a seat belt when driving.
But they can't do it alone; it takes an entire organization to secure corporate assets, protect data from breaches and make sure enterprise-wide risk remains low.
"Security is everyone's responsibility," says John Kirkwood, vice president of Information Security Strategy at American Express, who spoke recently at a seminar hosted by risk-management company Consul. Kirkwood, formerly chief information security officer at the financial services giant, says his role has evolved from security policy maker to enterprise risk-management evangelist. "Security has gone from being a server room concern to a boardroom type of issue," he says.
Part of the reason companies need to reprogram IT organizations, business managers and employees to approach security as a way of life is that so many breaches are the result of insider mistakes. According to the 2005 Computer Security Institute/FBI survey, the number of security events originating within an organization is equal to those propagated by external sources. Privileged users, who have more access than typical users, perpetrate 43.5 percent of those inside security events.
"Security has evolved beyond a centralized team, and it has evolved beyond networks, systems, applications and databases," says Paul Stamp, a senior analyst at Forrester Research. "Security can no longer exist in its stand-alone, enforcer function. It must exist as part of what everyone does, and it has to be created using a two-way flow of information between policy makers and business users."
Business unit unity
To establish a security culture within a company, a logical first step is for security managers to work with other IT departments, as well as business managers from human resources and legal, and then spread the word through awareness and training programs to the entire company population. The responsibility for security moves from a technical, protection role to one that could be seen as enabling the business to function more efficiently and with less worry, industry watchers say.
"Many business units can be hesitant to bring in security, because in the past it has required them to do more work for additional costs and really impeded how they operated," says Khalid Kark, a senior analyst with Forrester Research. "Security advocates have to educate the organization to incorporate security from the beginning of every project that comes along, because it is much more costly to retrofit."
Kark says security policymakers must build or adapt security practices around the way business units actually use systems and applications, rather than forcing a process or policy onto them.
"If you don't talk to application users, you are going to build policies that will be broken right out of the box," says Cory Elliot, IT director at Basic Energy Services. Elliot is working with the chief financial officer of the oil and gas services company to assess the entire company structure, establish a security framework and fill gaps in security policies. He says he realized early that without upper management support and user buy-in the security practice project would be dead in the water.
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Revolutionising Back-up and Recovery
Rapid adoption of virtual server technology, and the challenges associated with the backup and recovery of ever-growing stores of information is causing a number of IT managers to reevaluate their data protection strategies. New backup and recovery methods which use data de-duplication technology to reduce capacity and network bandwidth requirements are being deployed to keep up with explosive data growth, shrinking backup windows, compliance initiatives and security concerns. Read on to find out more.
