From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 6 Nov 2001 19:42:47 -0800 (PST)
Subject: [iwar] [fc:E-security:.Not.just.a.bit.player.in.information.age]

E-security: Not just a bit player in information age
Mary Pat McCarthy and Stuart Campbell, San Jose Business Journal, 11/6/2001
<http://sanjose.bcentral.com/sanjose/stories/2001/11/05/editorial3.html>

The devastating effects of the World Trade Center disaster have rippled far beyond the New York City financial district and affected industries ranging from airlines to retail to manufacturing. Clearly we are in a different business environment, as corporations face a new reality filled with previously unimaginable threats.

On a physical level, security has become a critical aspect of daily business life, with companies growing more sensitive to employee safety and the protection of their most valuable assets -- their people. The disaster also has spurred executives to revisit the details of their business continuity plans in order to ensure that business continues to function even under the most dire of circumstances.

But as companies address these issues en masse, they should not lose sight of the growing threats they now face in the realm of e-business and the Internet. In a world reliant on the Web to conduct business, communicate and complete digital transactions, executives can't afford to give short shrift to a digital defense plan.

Without information security, the bonds of trust -- built up over years between companies and their clients -- cannot be ensured in the non-secured arena of cyberspace. A comprehensive e-security plan -- among clients and internally within organizations -- can help companies generate new business opportunities, enhance customer experiences and avoid liability. Internet security also plays a critical part in protecting brand, reputation and market share.

Consider this: More than half of global businesses spend less than 5 percent of their total information technology budget on security. Moreover, e-security breaches cause nearly $15 billion each year -- not to mention the potential legal and insurance costs.
It's clear that when companies soft-pedal digital security, they do so at their own expense.

Internet security fortification requires an approach that frames the issue in a broader context, integrating e-security into the fabric of a company's business ethos. Here are some guideposts for companies grappling with the question of where e-security fits in the overall scheme of business.

Solutions start with the CEO and board of directors. Ongoing success in e-business is fostered when digital security is addressed at the highest levels of an organization. The security program must be one the CEO understands, embraces and communicates throughout the employment ranks. The board also must ask the right questions.

There is no "security in a box." Corporate chiefs err when they turn to their IT department for a quick security fix. Security is not simply a technology problem; it requires a combination of the right people and a clear process -- in addition to technology. No two companies are alike, and though they may use the same IT hardware or networking equipment, the data they generate and distribute is different, as are the people and facilities.

Companies cannot afford to wait for the perfect security technology before making a serious investment. Remember, no single security solution has ever proved to be perfect. There are only relative solutions, based on a real assessment of vulnerabilities and exposures. A relative solution balances the cost of security against a worst-case scenario.

Employees are part of the problem -- and the solution. Bear in mind that a significant number of reported break-ins are inside jobs. However, a company's people are also its greatest security asset. Educating employees about various types of external breaches, and empowering them with prevention methods, is an area that shouldn't be minimized.

Prevention is only one-third of the security solution. The other two-thirds comprises detection and response.
Intrusion detection systems enable companies to catch a hacker in the act. But once a break-in has been detected, a secured environment also must support a response. Instant response programs address violations immediately, ensuring they don't recur.

Although some companies have taken steps to address information security, many are still falling behind when it comes to integrating an enterprise-wide, digital security program that involves the right people, processes and technologies. A well-crafted e-security framework can foster legitimate business practices while deterring illegitimate ones.

MARY PAT MCCARTHY is global chairwoman of KPMG LLP's Information, Communications and Entertainment Practice in Mountain View and STUART CAMPBELL is national partner-in-charge of KPMG's Information Risk Management Practice in San Francisco.

------------------
http://all.net/