information access

Survey: Businesses lack adequate security plans

Tue, 15 May 2007 20:01:39 -0400

A recent survey conducted by technology services firm Scott & Scott in conjunction with the Ponemon Institute found that businesses are still unprepared to deal with data breaches. The survey found that businesses don't have proper security policies in place, are not taking advantage of encryption technology to protect data, and aren't consulting with legal counsel before responding to an event which could leave them vulnerable to legal liabilities. The survey also pointed out the need for encryption technology on all devices containing confidential information.

Read more survey results:
- read the article at Dr. Dobb's Portal

ALSO:
- read this on picking up the pieces after a data breach
- this on maintaining vigilance in an insecure world
- this on controlling information access
- and this on layered security

Going back to security basics

Sun, 29 Apr 2007 20:01:38 -0400

In many environments, basic security recommendations are not applied consistently. Taking a personal and institutionalized interest in applying basic security principles consistently will mitigate more risk and lead to a more secure environment. Improving existing systems also provides better outcomes than simply adopting new technology. Focus more on the basics, like patch management, password policy and malware blocking, and less on the latest and greatest security products. Truly secure environments are consistency secure and have the basics well covered. And don't forget to pick good metrics.

Learn more about the importance of security basics:
- read the article at InfoWorld

ALSO:
- read this on controlling information access
- and this on IT security

Improving information access

Wed, 18 Apr 2007 20:01:38 -0400

There is something of a tug-of-war in many companies between the IT department, which sees itself as the gatekeeper of information and all things technical, and end users, who need access to information. In effect, there is a disconnect between the IT department and power users trying to gain access to the information they feel they need in order to do their jobs. Some IT departments take a defensive approach, locking users out of direct access to some systems or limiting the systems resources available to them to run queries and reports. It's more effective, however, to approach it more positively. One idea is to use a liaison within business units to bridge the gap between IT considerations and business requirements for information access. Liaisons can educate users on safe and effective practices, provide more reactive and immediate local support where required, and feed back requirements, concerns and ideas for improvement to IT in a much more coordinated and efficient way. Another idea is to proactively assess information access requirements beyond prescriptive reporting and then make sure users have the tools and data that match their business needs.

Read more about improving user access to critical information:
- read the article at IT-Director.com

E-discovery and the CIO

Thu, 12 Apr 2007 20:01:39 -0400

Electronic discovery is a firm's obligation to produce all of the documents or information in its possession--including documents that exist only in electronic form--in the event of initiated or threatened litigation. It is important to recognize that in today's business climate, litigation is not always a last-resort. Increasingly, it is becoming an active strategy of the business and is being critically assessed, based on its potential to generate a positive return on investment. In-house counsel should play an important role in information access and management. Managing the content of information should not be ignored. Pay attention to the content of the information being protected. Failure to do so can expose the company to substantial litigation risk. A systematic campaign of education and compliance monitoring is a fundamental element of effective corporate policy around information management. Finally, litigation needs can present a fundamental departure from otherwise highly effective information strategies. Don't try to generate a one-size-fits-all strategy to accommodate the often unique demands presented by litigation. Give proactive consideration to potential litigation when developing information processes.

Learn more about e-discovery and the CIO:
- read the article at CIO Canada

ALSO:
- read this on dealing with e-discovery
- and this on heading lawsuits off at the pass

Finding key information fast

Sun, 01 Apr 2007 20:01:36 -0400

Missing valuable information is an unfortunate byproduct of today's massive corporate data stores. To make sure you can find information wherever it resides at a moment's notice, first understand if you're dealing with structured or unstructured data. Data from a company's logistics, finance or marketing activities can be pulled into a database that can then be fed to executives using a reporting system or dashboard. For a dashboard to work, though, a reporting system has to integrate data from separate systems, which must themselves be sophisticated enough to export it. The alternative is to move to a single platform with built-in reporting capabilities. And once you've moved to a unified platform, you have to persuade the employees to use the new system. But the biggest challenge of all is collecting tacit information that exists in people's heads. Depending on the size of the company, wikis, blogs and corporate social networking software could be a way forward.

To learn more about information access:
- read the article at Silicon

Controlling information access

Thu, 29 Mar 2007 20:01:38 -0400

Some companies aren't doing a very good job of managing their employees' identities and access, which is affecting the ability of these organizations to comply with regulations. It can also have a negative financial impact on the organization while reducing customer confidence, should a leak be discovered. Fixing the problem isn't easy, however, because of the complexity of most business environments today. That complexity makes it difficult to determine and control how information is accessed and used. And because employees themselves are not immune to breaching their own company's security, either on purpose or by accident, identity-based access systems are becoming essential for enterprise infrastructure. It's also important to fully understand the value of business-critical information; without that awareness of the need for information security, security can be compromised in the form of passwords being written down in plain view, leaving PCs unlocked, or leaving laptops where they can easily be stolen. It comes down to this: educate users on the importance of security while taking measures to secure your systems and data against internal and external threats.

For more about controlling information access:
- read the article at Computing

Related Articles:
Intellectual property theft is on the rise. Report
CSI: IT security. Report
Avoiding insider attacks. Report