Contrary to popular belief, corporate sabotage is among the least likely causes of computer security breaches. According to an April 2002 survey by the Computer Security Institute, sabotage accounted for just 8 percent of system attacks in 2002. Security breaches are more often due to errors by end users or administrators. These inadvertent gaffes are the main culprits in introducing viruses, allowing denial-of-service attacks, and opening entryways to supposedly secured data.

CIOs can reduce, and possibly eliminate, an organization's risk from these errors by creating and implementing a comprehensive set of IT security policies aimed at user behavior. These policies, along with efforts to educate users about how to eliminate security weaknesses, can thwart future vulnerabilities and boost awareness about security issues throughout the enterprise.

Defining IT security policies and making them operational is no light task, according to TechRepublic members. A good security policy must address both end users and administrators. On the user side, policies should address how the staff is allowed to make use of computer equipment and applications, according to TechRepublic member William Graham, president of G&G Computing consultancy in Fort Campbell, KY. Graham recommends that end-user policies include the following:

The link for this article located at ZDNet is no longer available.