IT Management - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  IT Management


How to Integrate People, Processes and Technology



 By: Paula Hamm, Symantec
2008-06-11
Article Rating:starstarstarstarstar / 3


There are 0 user comments on this IT Management story.


Rate This Article:
Poor Best
In today's interconnected marketplace and global economy, information assets are at greater risk than ever before. Symantec Vice President Paula Hamm writes that security incidents have become increasingly more devastating and expensive, not to mention public. Recovering from data loss can have an immeasurable impact on an organizations reputation, business operations and ultimately, its bottom line.

As organizations continually increase their dependence on IT systems to conduct business, mitigating IT risk has become a top priority. But effectively managing IT risk is no longer a matter of only addressing technologyit's now about integrating people, processes and technology. The effectiveness of even the best technology and processes is frequently undermined if employees do not understand both the value of the organization's information assets and their role in securing these assets.

With so many security threats on the horizon, it's comforting to know that the strongest security asset is already inside the company. Successfully protecting information assets requires employees at every levelfrom the top downto obtain a basic understanding of the security risks, policies and technologies implemented to help mitigate those risks, as well as their respective responsibilities in protecting the company's assets.

When it comes to managing IT risk and creating a highly reliable organizationor one that has zero IT failurestechnology plays a crucial role. Enterprise software products work very well, but to complete the equation, people and processes should also be addressed. A recent study conducted by IDC showed that well-trained teams were twice as likely to properly protect their PCs from security threats and were 60 percent more likely to successfully complete backup jobs. This proves that, while processes for routine events are critical and can help ensure that mistakes don't happen, it's the people who help ensure that the right things happen.

Human operators are often the most essential part of any equation. When the human side of the equation breaks downdue to insufficient expertise, lack of experience or inadequate process designIT systems fail. But, with proper education and training, employees can become an organization's strongest line of defense and its most valuable security asset.

Security education and training also helps organizations improve their security posture by offering employees the knowledge they need to better protect the organization's information through proactive, security-conscious behavior. To successfully protect information assets, employees at every level of the organization require a thorough understanding of security policies, as well as their respective responsibilities in protecting these assets. Additionally, technical product training helps the IT personnel ensure that they properly implement and manage their technology and optimize its functionality to better protect the organization.

Resource Library:

Implementing a security awareness training program can improve application and infrastructure security and enhance security incident handling and response. Once employees have a basic understanding of security policies, they can apply simple steps to help them protect the organization's information.

To be effective, a security awareness program must be ongoing and include continuous training, communication and reinforcement. A one-time presentation or a static set of activities is not sufficient to address the ever-evolving threats to the security landscape. The key messages, tone and approach must be relevant to the audience and consistent with the values and goals of the organization.

Equally important, an awareness program must influence behavior changes that deliver measurable benefits. Merely providing security awareness training is not enough. Organizations need to know if training programs have been successful in changing behavior. Measuring the program's effectiveness requires metrics to be set in place from the start. Not only do metrics help establish a baseline of individual and organizational competencies in enterprise security, but they help identify gaps in current training initiatives that should be remedied. They also improve the methodology and content of training programs. Measuring training effectiveness can also prove useful in validating the competency of the training entity itself.

As with any program, the success of a security awareness program will rely heavily on how the information is delivered. Security awareness training should be incorporated into new employee orientation, as well as special training sessions by department - while executives and managers may be more receptive to training that is incorporated into regular management meetings.

A good way to reinforce what has been learned is to offer rewards and positive feedback to employees for improving their security behavior. Rewards can be presented to individuals or companywide. Announcements can be made through company newsletters or mass e-mails that show employees a comparison of statistics from before and after the training. Seeing that others in the company are making the effort to become more security-conscious will further encourage employees to continue good security behavior.

Designing a comprehensive set of computer-based training, seminars and other live training experiences, and communication tools, can all be part of a security awareness training program. But, to save time and be more efficient, organizations can also find outside help from industry veterans in the design and implementation of their training program.

 Paula Hamm is vice president of Symantec Education Services. In this role she is responsible for the development and delivery of technical training to help customers maximize their investments in Symantec software, as well as custom learning services and IT best practices education.

Previously, Hamm was vice president of product management for Symantec Global Services. Prior to joining Symantec, Hamm held product management positions for various security product lines with Axent Technologies. In this capacity, Hamm developed the strategy for a new security management initiative, managed network scanning and Unix security tools. Before that, Hamm was the manager of systems engineering at Software AG. She has also held positions in systems engineering and database administration with EDS.

Hamm has a Master of Science from the University of Maryland and a Bachelor of Science in computer science from the University of Dayton. She can be reached at phamm@symantec.com.





  Reader Comments: How to Integrate People, Processes and Technology
>>> Be the FIRST to comment on this article!
 

 
 
>>> More IT Management Articles          >>> More By Paula Hamm, Symantec
 


xks8(y\9;N1EۑR%XRMRQ$$qLZ37nBK$}6FhD޻%;acqE1]zk;oHR}o履Lß2J. :AZ&!:,o)> #YخetjOu{#|6b%?w *sR{:€wɄ_Sx^ۗͩ6Q7;6GubhqF@#: rWü%h-#@I.RfGuwf\.G=4HPߢȱ}3{Pe3;6m( !)/FXP~FDcfCovN|w0vaz3K[7@SѠ*"U{AehZ&92&h #wJ3v"S#&u@hl2IR3܉H;@oX S*HTfFԴ55x-y5G@̱=ǥ>.$gtj.O֟GB?঳J[8Qz>2=h{' a;6]u~CocZZ[u7cי!֛VQT(8a#*m y {_2o:v-2q騖A\eY33ML&kS_֭#U)j%;ʗ jP=ߋWwm8we{2g՝ֺw+)U;e? n04h;@b* E}ruOu~N֯9 m |'k[L \R)?ƙ|a|Ol@tXB^ ,> x[^ T ռS|٥rǹY3(2,"[dni][WW^['gW)fٚY J%dPY3oMzUi}^i4['g:RڟmOoklxiuHZ䖺540R)V%%fE&>u}B2,_Odo;ٞBdu!糎;W=ReQcof ȰnO<Ӡdr* 1@/4TUt-Mf_#dL&Zh-Aho *Kh.Lr5&@Sk~$M cb.L2w<| m\—V/(A/- 5|*ٛ"Kn;Cxr!DKI88{FNRٌ.[\08?כUsNWt];3e{Zw{\?m5ZMһ^Z0*>c]f%",QqsuXStT˥jd:|5 *߂WL F̶-a[Sisjܟ<0tZC6tvϧ0P@= pЦޡR?3}MiI7D4@.~;ͥn]?&tnYPŞ+ CߜRoV˨U0E 6z&6P6=ol299 L&&0`D֠wMPbLTE=PAX4u'6(X3PlmV3-mhZ`1 .5:%~Fmi0x?z2r)%dh ⣋ 4.g@)AH =99^ Ŋ?H^MHX)Vp`(ݞH:w@)sXHأXB YX/_b23C$ɤX9!{MfT`[ᇥDKak`F^R^-FMASIIL;RsJNCT"ğ;l;{ Si#Wu??t)iBI ?,xݥpoFnB?1fѦ)jM&C3^ ~2ۃ-=Ȣ&565uBX͙3e  n̍M(َspL(> }Y9&_"|k۬ ԙ> .z:HLq0xnv(d g;[䞅ҁ+O)YXX`nMRd0q6q :SXh8GCW4JU=?~MkCp@r6y2Kmg@xC X{+/,7(kA+_iid9fX6X.]4^`Na<*)Ϳl 1ȤmD r^six)Kˌ7V)9|RP($y< ,D0(2n@7MVRQy9:' ȃX`r=|6O7}]Lk}\Srj%ּݬ`jB[$ zDÈ ;qĆZ jYMfvq?pߎ3XAm9k+sD ü z33Jјljl\am(},LZ[u3up]8􃽩ojvQly2G3.d߉&z>)km!5]9~ܘye`@mY@?늪c]}2hSIpgOؚIyMLYr+bL sݿxji==cM?Mٜܶ zWO!SD9^%Lɹ%wA6ZPn2`e~.xVKi3'Gu"M.";&́08zGdD|zZL*>]xHf6J@ b9˞7Gc3 "J{x@tɂ' xWJ\9_-p/g$ ,$(EDBs9ǃ۷BlpH3T!,8{Jeo[ xr20jX 8fX&1WKƼ 3Z cCs7OZ= ПBQ`nо(&s,$\auvHG/]IKu?;$yCv/i>r 8q~O8eAaARҸ]`Jf럇xD`UUESjwZb0K= L@IP 4p=".FkC曏^JE^6銿z<;o Fk;rӸо_xtϻW9o_8~R`'Mqpqu4)$yq~|hq0nmǛ&yLk쇤3;f쐺Cվt+,SVXs! V⸪,49Fπa6(n4'lC{k^GWX2kv-&ɖ+tzăy\H@ $X)XCu:]7:KyIP ` bcALFrEl&z\G>egI/QAP):(9Q{ [Hҷo@WYGD{_q+ sz8~& \3Z9nl&BR^'28=h)9sڏH/pQZiluz}H&aP;DN[3pu*dhw<)~[ħ{, /䎑b1T$0m0결t]$<2OђN)$tJ3I8 z>RB' ˓8/+qYO(eqhd*ꒀ~*~(h&'ءؠ۳]6.'8 $ k|wisq/ޡ -&XuTո f;ɫ؉\lj9l0t`& !9*l!{~UV۞Nm#Hֳ?{'qߋ8t2Ti 'sX2w{ѺB wz$sm#ڂqj{`ֳ}s@לM(|sE1sFΚڭZn9O_۽$vl'*A-sM<#P`G- ֔I3qCDHޚ2E3 _5d3;a2*|\BZydVa?1 W^L·⎭zgQy}|x8=$[+o' g|o#'M_j S&5ŷ)%4y˭ LdT/2K[⹏^}lQۏo%~!ѩi*2o,]P#Js%bb'a>,czHsFJXfھւPe~ݯ?#0u9q\KS*\%" ; ᘠ9wkǽGg5Հ(hY&6D;nݯ?7oESqiXhnrN5) /|\6=9Z31ˤiM_HcJ] = ]p8_PM&W_K9FM) _=O=֒/zPY+:!%{>*@:3̕{ȥ%XNV$qWb|گ,|wh/Mk/GJd0TrSIޛ%;S 0F]R`8v SUǽ9(}%MO8 `BhAW6Ag\uL \I}gBIkB}exu 9 NS^>8V 1(2&-qoa]?ei3SjeW0g|xV|7Ɣ^gm<i,)S$J]y':bR.ވA2K/vn¨X+(Y9mƈ ݄{_:$+ 19yyާD4 nFA\gd `gg8ʧ/}4sЫઅ~tuOx9<7o7gG|yfS1`@ MA_|s5VUR! Jpy#H?b@Q1T9$LyW6֧ic`jp̓z9r c-uVJ9Y I&3d{:% .%cD ('y2%pK-g6eQOԟp Mk1t_?ANQ#`$RVUT{e{ ϗV@G7m\L40V#;0ɏ:PT9‹~!!j UpI~׷3o,H *]jo@SG{RT ۭH@$R$ [<$2x~׷2I8V±̜KpAÿÿÿÿŪ?ݿp3?lq}!uuzhn '1߽#.5 "4Kn G"x iL E1UHōQW,9 k[TK)H}ImH)[u-9\Q8[~{9Z7wFطhzREuq2g:p!"A$D\|=\"ZGQgbXiY:˅qО09*/^0I J%ps*EiBߒՊH}A05 %Coxى؆a:<IpĭS_r{ Q?-Q ){54{I'mvL}PHpңɰ~*|_ؒ//WX`.KGNL_±$04zxHT{nswtW,*ey:u2# 44)='RCC>xFS3F@4z $yNX/cݏen}ˊZJNHד7ϵ(X2n>a#$##|[2|&՟˻<pah_%:i6W~{)K'1 Q7 'S($#)RA}ڹ{wqK}ս7DZ {7d- Xj G%?[Fב=pX5eSPV3gYw5p<&OưGonD^L1E,B0 9;6[7o٫XfER2o jߦ9m_u_(LV^s UQ7=˺tҕDxoJYV8VCM}_MYRy]z>(N2@04I/3$6E ZHcc9#yh0cT2̬-xdny4VHs y3ͅ^8=_}nj8|uLMg|K^꽊,x[UؙŵERd^LBصT '񋀓C4X!ZpP]?zUcct\51Dj:4LoẊxg~sRYLI#@q"{wo"rתrlnLsZWQIJRP_h | 5ɊfTf8CnDX}:Y@d/ :äIY|’ͦ00} QCpw}`ތ=S8 n8 w>fZȦE}hיSoy>$x&;(6v^,hp ,hӑ!ۖBb5xb-*I8h8+s7 UlNhA %.9xb8M>eR)<%I]1+dB"@Ր) =wzhu﷮zxa@.™c_`Ck._ ritS[qB=j35'va]Q f6Ox|_,h7uRVZw}؛X@?r65Ec9ҔC7zuꢗBR/ROaH;l(% @9 dU 79w=?_z=&jƄ[,NF d k(Eq|b]+],(.gx ns6#26f3/vȠ %KmH= K&(?/q D bB3ȥ4͒o l;G| Q+DjVE)T&}aA=`A!>­!Rta/yn^L?q9QK7Qam:;kw ;uV!50pdjkb(̨flx Vp#tDZz0usyLX: 47OB$i`P)<<&1.ycq ظWyN4Xo o覫o, |bNy`p3W*J9W &u%O<3›HcE)8s;(޴7YR')ʗ0镤B%^TFAgL͔rg);Lc/ \~SlW奈OIw};)}:)@;)vRIOы_|)gP~Rw({Jy;)0){s"?0~))wAtSOK7E\\%U )'ss'O)?C>3s ::S/>IR<9k\ 8K"2SZ9,.NSʫPJ9(OXi׻)Zee KL)/z)^}{'sg+kی+ť$W 7iKxUy%kkF1jttbat5KHe^M!)Ineb^ ydcB bye?bw;]sܤ\se=mbU} 1Tb%dܹhΑcY],(}hiͦpdaOdO\S2Lb><\n`>3v)ݥ, oe*osqoj,@ @9^\pmঠѮsWgpK|{*2U75idpg? <2kӫk+ckp'k͠?~%shD0? at渾5OKȄ+,yO EU&4oixYk@o#{,*fc|&Hq>l|h|Z˳Ok 85Ϝb8y$џXzqVX&@HWz?8߅+j W諡z:Hå]Neo̮`h@Ll>JU-(er)s=oeLTz@t *+99W!=a`RZ,&K<# .m%F1kнmj< b84xK1'B&\CxGtċ`l&r!)2dofN_":7)5@!(,dJ,W{S@3ޚ7^fɼ1i*m {{[d7:'oɔQ$;w9X!DøfE z=yiSrOKz`5z ~ztY 123U{23q.t0 , "XCvqe>m]=SFEVx_<L^\wc-K>Xv7i\Nk> Od1Sf@L @||5hOu$q5V$ǖ2C( kGoiAfywDVLr H ω$r&IͶ湎3];5صkQݍ;3ix\ n2s&ɑ KL+u.|e'v܍0OqJRf«.MȮkfAjܴ: s.͞5Oak#>`yOʗ.[l#H\ Q`xϡI'kR`87'n](:3%>}0RO7i`_CFbЗ#+&30-S4J(KEͱF{ n='DOnӦuMDfβR5[~w[oS|TDJE F*3K-{{@ă?X!C9mBp,Is,n!ߚR TD2v]K= |Eɳdv/+ 0bŽOm=HiUx.AGh|oې/)0XP7v6v>OjF!x["]읚>G'#rӘ2J1А8v2OAi~n\y(o݊66x}ưҀA0e]:γ@W]⁜0ћ1F<. =ۭc/p,ZftGpρ!XsCQF5f@k0.0r:Y )6٥co' Sm1\[ۂKK-6uV¥"UX HMbX,8.# $_-rN稥l@EqH'@ymm<^<:y,E{S[n6-ӛ~H׶I5"`:Vڕ+ꃺiLn2?Z" @ݕ D7#Tx `GYu`Kr 8ǩl61[?܋ϑ{Ⱦ6 Yf+3ccRɸ{m epCdkZ+ DqS XMǢVWQTR2!;/fkpe3="@a)5\dBLN Sw 3pRaL $b[иeCGn0}"+poq-iL%90Eg8yja&'"eyS$Y"/ X+2ƋC^y+{hB(O}i9׻~XYp(z: /UX!6ژъ_kOݫ]CKoxq㇫TP- Q{l%A0|el_|WTP0Eh⍾#01|4ߛ3Ө)jI-ǂI#;oE1um*aR*.{g;AL쭽s6%c(|N!KqkYΦK+Η5Ç>$Q6s6BKslLd-6C-{Ȳ