Security in the Slow Lane | eWeek

Security in the Slow Lane

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Aug 22, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The rising cyber-security risk, combined with the recent Sarbanes-Oxley law requiring companies to deliver greater information security and integrity, are forcing companies to retool operations-but its hard for companies to make the necessary trade-offs between competing, conflicting demands for greater security, lower costs and faster operations. Mark Doll, digital security services director for the Americas at Ernst & Young, talks to CIO Insight Executive Editors Marcia Stepanek and Ed Baker about the trade-offs companies will need to make when trying to figure out the best new ways to re-engineer for security.

CIO Insight: Whats the biggest security issue facing corporate strategists?

Doll: I actually dont think the largest challenge of security are technical issues. I think people have historically spent about 80 percent on technology, about 10 percent on people, and 10 percent on process. I think it should be the reverse. I think it should be more like 40/40/20. In fact, if you just took all the uninstalled security software and just tried to install it, youd have a lot better security than you have today because a lot of the functionality goes unused because youre trying to get an application to run quickly. Speed is one of the first things to go, or you take on more business risk-or you have a tendency not to have the time and investment on the process and training issue, and so these security tools dont get used for those reasons, either.

How much more important has it become for companies to make these trade-offs?
People want to talk about it now. Board level people want to talk about it, the CIOs want to talk about it, CEOs want to talk about it, directors of internal audit want to talk about it more and understand where their position is-and all much more than ever before.

Why?
I think a lot has to do with the new federal regulations; a lot of it has to do with homeland security. I think recent, large virus and cyber-worms events has kind of made it a bigger issue as well.

How much of this new awareness is due to CEOs reading scary articles in The New York Times? Isnt corporate security really just a matter of how many locks you want to put on your door and how inconvenient it is to have to turn all those locks every time you want to go in and out and how expensive it is to install those locks?

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.