Just ten years ago, security professionals had almost total control over what end-users ran on their computers. Today, the IT landscape looks very different and leading analysts and security experts are warning companies that, no matter what perimeter defenses and technologies they might implement, the biggest threat lies within the company - the system users, the human beings.

Paul Robertson, director of risk assessment at TruSecure, a provider of intelligent risk-management products and services, says companies that come to him for advice on security policies are either "those that don't have anything at all, or just the basics," or "those that have a lot of policies, but no tidy implementation."

A common weak area today, he says, is company usage policies. Having strong privacy and usage policies can go a long way to protect a company if someone does something wrong. "Policies need to be up-to-date and reflect the situation and culture of the company," says Robertson. "It should be understandable by the end-user, and have the buy-in of human resources."

The biggest concern Robertson has is that there is no easy way to enforce policies regarding passwords and ID sharing and, as an IT expert, he knows how easy it can be to get a user's ID over the phone. "Even good intentions can threaten security. You have to do some reverse social engineering, because it's hard to get people not to be courteous and helpful," he points out.

The link for this article located at SCMagazine is no longer available.