Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Security Success Depends on Good Management



 By: Peter Coffee
2006-08-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: No matter what technical measures you introduce, people will do and say careless things under insecure conditions.

When president Bush and British Prime Minister Tony Blair got caught with their microphones on in July in St. Petersburg, Russia, The New York Times blogger Virginia Heffernan posted a clip of CNN video that included their conversation on the soundtrack.

Most of the subsequent comments posted on The Times site concerned peoples thoughts on the presidents word choice and table manners, but one comment focused on something actually worthy of serious thought: "Lets just be glad that neither person happened to discuss confidential information of national/international security import when both forgot that they still had microphones on their person."

Click here to read an interview with PGP Director of Product Management John Dasher.

This is the issue that comes up, again and again, whenever IT people try to live up to their responsibilities—not to mention meeting rapidly rising expectations—in securing critical data and ensuring the integrity of vital business processes.

You can throw technology at the problem as long as you have money to spend; you can throw even more technology at the problem if you hire your mathematicians and your coders overseas, although you then have to wonder about the loyalties and the incentives that might apply when code crosses national boundaries. Still and all, no matter what technical measures you introduce, people will do and say careless things under insecure conditions.

You can burden your servers with 256-bit keys for encrypted databases, but people will still use their own names as pass phrases to generate those keys. You can put rights management tools in place to limit peoples freedom to edit or forward sensitive documents, but theyll still talk about things in the elevator or read things while sitting next to a stranger on an airplane.

Resource Library:

We dont even have to rise to the level of heads of state to find the human factor being the fulcrum of information security.

This summer we saw PepsiCo and Coca-Cola cooperate in nailing an employee of the latter company whos now accused of attempting to sell trade secrets to the former.

New-product development cycles entail broad vulnerabilities—and theres enormous pressure on corporations to accelerate all their processes, making them both faster and flatter. Rarely do such re-engineering drives include a mandate to make things more secure.

It may be a backhanded dividend of the post-9/11 world that companies and individuals now accept greater infosec responsibility. These things are relative: In a time when we have to take off our shoes to get through an airport, a request to change our network password every month and to meet minimum standards of password nonobviousness seems comparatively less onerous than in happier times gone by.

Moreover, in this era of bloggers sharing corporate dirty laundry with a worldwide audience, even the most aggressive head-office manager may be more likely to think twice before yielding to temptation and misusing leaked information.

The 11th Commandment is said to be, "Thou shalt not get caught"—as did Boeing, for example, when a number of the companys employees made competitive use of documents obtained from a former employee of competitor Lockheed-Martin.

When this came to light, it cost Boeing about a billion dollars worth of Air Force business. The 11th Commandment takes on added emphasis when someone with a Net connection is likely to be watching and to tell people what he or she sees.

Irrespective of continuing technical improvements in the infosec environment, technologists ignore the human factor at their peril. Unlike some elected officials, enterprise managers need to lead by example.

The role of every employee in treating information as an asset must be stated explicitly, monitored thoroughly, and rewarded promptly and conspicuously when faithfully performed. Technology cant do that; only good management can.

Technology Editor Peter Coffee can be reached at peter_coffee@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Security Success Depends on Good Management
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Peter Coffee
 


x}kSȲ!bCg}.n'6+Ke[,H2=b?q3J/?mަVUYYYy$ W7-gD.]sjS;q~@ [!%w> (+ԯ1mnf]S/ _hoL|Nშ :#:@.Sk4Z57껲5G4o/ne0S.ZIa>*VOմIlZ/P8$x$ZB;$?*B4mG$oaT}:XS=2pНYBT +X^DP~DM:-4~rwN5yЀk`Vx>;$5CUVekFVlui! 1!oKݿ!Hݤoި@d jId:4`YTi 1<\Ї@ڮSTPfIJ;o tG o c]uק&Z! !$f >v?' QI'q_-F^:X1'@8:)y u<-̿{+_ݸ1Էߌ[좖>GlR[ؼz00!} %D"cˡ,ft 2 eþ;r@)Q_9P╇C`[BUzEÝ3۟^(U{>.GAn+p[N^׵vSq>t;g=rԺx';AڼW;Y_KL~#/@Dr V*$MD&-؁fIu_ǗH5](ŭ~ZJi%ɥvdY̞o fVҐ 'UUXۭީlji]Z77nZ'77bYXC ji@$m vD -E%ms%gr>iu>Sɀ&dXaV|YkU[_nG_C&"rVJZ@R ~8>_8?_OHA҉,N/ `HםBi۲ܺ*BKEɽa(7fhXӀ?$eR2ML8X@.@שS 07'/zppf-n "dLh|]Z P3Z$23}Pru&Sk~$GM \sƚb.L24x){4/^PeP샖_΢k1jNէTwYQc'axL^,ʹeg^R]y6aU?uwܬ.e 4޹ϳ~<}ޡ:Yx:%U.[nC T364>H I!e4%V$cWPsv/*r[h c2ud8İ1nҡ>âxA`:: '>PӚNqRO#Gs>2胎6mb8-ƹ" ,70}HG:qI$wX0|}ZsO6/|Taք^I$>6Z\?`# VLC&B랂9׿eromMA(oIn@X^0G`^@48`88ʼE]uCbӀB=hMu &SsjPB=x?K1 Tt }JIIL}FBt"BђF 4  g cX"K"'3 [AX;.Vi+\fz"BIcyD3,ЂW-Kїtfd(=?l1!UG ,D`v9r,L.Y ϴֱVJԵy}H*5tDބph,af8Bdp=ZISLpQY hAwp=7߄s Ͱ"hZ5{8.Ƈ5Œ{JmRr`81ՠZ&4B uV<ۢf|A8鴉| k2JE'6`FTTMZ|!||=Ꭴm[4@>|z].z8؍8r!O5kb$`CO uP\Oō4 BЊO}=?ٲRd-YV$VWv/K\.L\[KҞ rL+Zԥ1/ E$$"Y `}.-yOgqHLċd-mGwa=nvP jrIlc#5E&:,Wf  ()r?-j5 3XS;hM>]!ŧB 8yRfbnTct ˀQ55QkaAa ĵAb=<Všk&;°{Z\vԻ~|4ݴZ#V!҃FD+ه0`-E=[;b^-#毻BRR4G q/#Y /m0ܡkC>bDugFPOK-K˙'*$Y/g­pPU+@ bN$(Nt=(U+埯:i@Y*#7k Bo`"2l3q/.jt|pݑM% i4_RJ&24Z(@cy62$ u`m\>(epFl`^ \| BK K-PT1"AcK鬡cKU1SOm{hCyX\(Ti;AÒ?DBRcK}ܴ>?CU^oVLSwfZV*ժ 6UT\=W*7;zAq{ @>+zcm81Yo>+}zK]SM7+\3>'=\V`QcF4FX\dHЮ#xi+B#М w 'L`Z>5£ᗬ{ 0v?\3w+q5\ EY;An-4J :2 )& u0Ȁ%|=Wl2۩t>zdV{PBK"nʚ7 S}&-no^F{x,۝Erzm2-E8z.0Jd mؙY%,@:e۴s:i&21065"Z` |iLFbT~\3gbסڳj20󓫻玾vPBpA IǸ}wSO>~UcG6~zi1bN(n<0{L3wB>ִ iQ4rRd2z6P"lZǐlLO/n'U@wOJYTJ`zEZ9y HǞ1L]]2Yޘx4> J>hhG2e7(6CiB/%e.]>/$RIr+Հ%΀,Ox_V8C+`-XRjj#D*"Go&ŏ[oȧ5rVKG~!Wn+~J Dm_-Uղ?YXᐫiI#Ǹ"ZAX_dLAKl!/`.Q(ֶA 4[*X>-DД4ϰ;dRb h kGQh1FyqG̕=%(XU\=QDu@Z:hG*ݔ;YjNIZVڳ$t`۳"0%I"L=ym5uef`<#ϟݜw;} >L7H}MVJȥe0F\0B_==bH%~w9@` |RQ*Gr22DBZNBq<9N+tSN`+T.n߂B&WF@"'!M+73,`jRU\ό&ݽ]VSv&/!(0H_dhǭdU]uv@Ώ.ci4O}ֹIgC*N[Un:NeCMqr`SRH3 J@#G$;Ĥ9}v|{{<=m_}n;lѳY/`y Bz+ǝ^s)\6o>ėlO:~\ZR ^Zd.GypuȒe8*DEypn6<̰֣MG,kd҃aH`q, ' t}Xq q6a4lꏝ%/Q֭ Bb-3Bt|PZ# (ʑ=`=` Ɉv9>c/:͞$BL0B_XH!)$je*K<;mtn( 6F_᫢ٿ~g[ =~_dxHM=8Y,rluJ;t.1?xؾhwNCz?"YZgÍ7"lSOC2L:1D&rޚSE[B5{BaJ;t e~=m2첰uC%<0OќLȔ&='C8 z>SB&T˓4-i^yqj ieʒ~(i' ۡX!^7G8 (OMkz7isy/P}a%3h dgKEҊ2 Pk I"RH>`-*VZZFZ-VVyʏhqz])YLU9$E_A=?rT%}ݙ8V8i;FHS p'#9ʼSsLaZ/ GW .[ }v}`NأU̵j 32bucLNj=5@ \cALuvp߁؉H.Ero 78{Jn-dO1\jm)輳A2 a[Vo lϸG scx2HC%O׀7Zp*gcc=/`HI@R缩gA j(9jtpUbZrL0 SEkƬ1!c+g3-(ǜ؎ w *ڒK0K(p!$~8M{fr+ 7EAn˸!E%Öd._2Xl랟2d]dga$1awr .FxudpF`mRLtH:%.|N&/p)N {xi"5ImglA>TrExz8DoRAan8}S$8$܂gvĝxS<J KC|ET;.NqGJSJI!9C]7N ƿVWUt,]1cl+%+$aJ6ȫʲR6LRNmgn0ij9M79^$G<9Ѧj_f(JagK4~uMz1/ z`.J'ƿm[#ȃj^l py˧6MbIR4lKCy9j|&/fM*-bh>-6 f=]:=@ 5f QXWנI2It$̽M P@Z|ID޶i<5I< -Fxp <(iTG/ryE`Gb8L $pz.>h}46~eMZ)!eEz鎰v/.foM(&5ͧT&@W@2PA˭6Gi[#LkRa Qa >fYԄG=[ p*$9DI D "Bːv蚣0xk\ .iJ"$nciRa.K#kmh| MdQ1~xy ^R|PڼKB+RZz@ C șwumDURDmjD``DɆÎ7f:]2":(]#+TA9S>$qk6[<KXKFrro KF@.C<5I+_A*ÍFkV޷zrڶXe6u0&/t 3>c/W#^ia["Dg;)4vֿu\igDcq!ߥ{jQ+3rnRYB))tϚpE\O\sA,YtS8!@=Wo͓ixHW&'^zA_sh~ۄdW&<^II-ں/hG `|F05c l _8Y=y=&UV忍#+ B y,徯X&S>`z{c~uC2o@45+Q/NF(p5Ɗ8aYXZS@FaR , [&=WnWIv|wouv1 נ)8eQo~ׂu֋^_ZB1$S(y욶=_ '+p>hS&L!(CŜ*lc"8 X"wOx[qSDCX"h?ލ* nO2Ű{4K3T4k`꤯L7v&FiL]LQXCJ;*n5\?ԝSPŁE\y|=K" {^@M!tl6xۜt$I dē;.~GWňkO)G>?WeIU6\ۏo? TŢW\Q#!kjj`/O4#zn@]o~4,R|D?SM}1w⫦> ~.V9Ep+=6i~jbdfiAh!Fv;Kb+6QF$I`kKjj52%^z}F1akZzF-?xǍE/,]Q|U~4.2dRCn4?8^z2js~̙Tl/ZNtXD+cΩկZU9Ps.K\G(zdI2// c|ŇRO&ǪTe:-0S5A_\UBI O|^kO5OM}^Šx!Vy ?l+=uvX5.2{q3kY5BYQs尚ȍF.ޥ5}9 ՗>͹,Qk[:g|?emTdF}{a ??{ r>PP.%(י_w s|t[œo>V-Z]ˎs0d'01!R8HRs҇5o$xޜj $|tRO&S':&L|NL͆$õn͔OtLTνNrExˑ2#=aXYrRfYzp ͬG[VjYɎvn~Xev1h:#纣; gM]jg~R_UX0addd=+DT bxdibF+).3լN[!;áCI?M_%&c# 1"x11t-gfɝ7pY|XC3 cL^^ĭRQ)oR[ZS>_E_YCJ>#oKI c7rtG7%eRS[ٓKU8@`mļDRSx &؛Xi̥7d?= θ9}wǃ""a=X@2>ndeH"4]YUc `xM!Fپ WEkt*4>s(-$=ؘ]]%Ya3>z4:B{| (]A&.!* xtP$l9e1v0!L\nX\xk :L$!iz盫r0Qݾ!?1@L-aDiAX#hBGH[1~eMZsxXҚfm!ah\Z7mDRRBx 1)ӈ)i剻{S}99ߺKqE<{W@tQR*tQ:..( %H)YPOXP؟S?pk2TJLmn$t:S;%̄c,0 uA"\2},GxGaa2?yu:POL5zy 6t(^U=1&  sXDej @̔0د?=').yDci 8^iN4Wd>Hou7s@`>bJM*IdR|WJ\gޕa)걪S/(^ ;e"Us=Mɕ@*9ZȐq/ #&a@}lF(Xw3мL:7InZ-x=i_ڝ+rܺ(lkIߢԲQ7qIYu}Ӿg3f&SE`94eIe)SS9mꌸ4WȁW.}QXml+ڽ'0%yї51o&(񏙟A~jJj9'j:ٙEGN\3G MPkJc> U.Mp4ħEG:WB#2[EENPsNPkN ߬.?i6s;P)GJ.?rOdu,?r#\]~.4۫ۧF4gW9vN?ws?C">he\/s /~/s{ %2g@9y yCȣW9rϡ<PK()ʙ+ʙȟN|ȗks޿ɡ.3.3_/z@/?}}̡OP))g|rw y@9{  wCi]'I9zʛ9|ּƅ)rqC/ ȋOy射:)?yVQ<^`k9x 挿{9;[?kO:u CFW\=o /dmMt^i8&Vap_/{i K{IyHGW4:<)~bye?VRRw;]Cڤ\r!{]W喛O'ikz(s<2g.h{dZ#+mDt<|.y |8SNtw<17 }^Җ1 B8'vd{zUtsn] xK % SG075iq~[~r^<^ȬU.j,7m(ϋ9y}2cپOh] ߒč,3{ %H00(g0>`4[`eR 7㌰6Ǜv3{uCZ7W͋uC=tz}YXW$KeB'hZc(+"@794\9GqbBP[tC=ӯνd ;#}ö0N t U5m_oR-W+w俓v h=""CSL`FTMVYi2ZE9(W&K<3 .=u^ed fMȡ!p<@fJ5G P }:cE{_,m\fH6T<'U~ m'<@7 5v;3Ũ逕@O-w `>ǤK4l&9Kl]i'bN#'MgT&L<)G ?n 3ɕy Xh =xq_SYF D\^:&3!M{6Tx| "e*sa j?5;n%cL$Q6S bYXl;${F( !>p^`ˋiB0H_EtE׿ûr T`a\8ꒌI8q0靁3݌ΊqM Ljǐ]%a5c,[*mL!IU/`  :o=1N525~ɱL( 1 kEF(l#BDe 6{N̄8B:L %}Xx*$ ]vu$$}9m_ =>ZTù([ǞД0k@ ł露#,zHTP}-`7v>kuNܟo-"v#}#8@sr1Fa_Ġ)be h ki8`9o"ߋ!ҚMPL\=O=/k"1pΚl'OS0^ R [QʹT&vUlv7[1ZOeBI<ŗ`<~'zo]>K:#[3Qh5'៴;Xi Nޒ{ھ8 ;C>Bvbd\*KxrHIhC>~EE`A0\|eDį;m<.[9p,Ug "@`0AFS ܀}olI-_gx R}r8I 965O-  `ꎈu@6iRH\*Elf) Kdv9qS}@Eqg˫Hy'm{|w)燸[ 0rczzwY>קgk8K Ӿcd.'XI@ Ik-.,wvUa4,Lb1"[\'QI 8`\6X3,@a)5BO QO80Ux|-h\l}{ݘ]e8Lg񼜸ތ"?H=8HVlw^^Y5El߃*Ԉ|rV$?a91+>c-hwͩ!c׆)0ѕDM1F(M',1f Ax& =`#hxl "nh1 d'k%I' Q >d317Dj0BrQH d[\O_مt&v3k9/YH~1  <99.@$NSP_X1]̐?Q&g\%ƕEyzXqө8Yo>_.)ZByֹIgCRI>Q}v<:~vmڊ.3Jbq')m?t.:7 XغqK'?|:6Ҍ%!tnN[Y B*Ew<=m_}HWzv S$ȕ/ڧ2f#|oUA,j z' l4mEgl(3W'~֥;7 D^R꧰f9PUd%r R⒫+4>S!aa؄;66BJ:6L]_X PI+