COL KR DHARMADHIKARY(RETD) its very late to reply the link, but if it is still alive and looking for opportunity, i would like to know th...
32 minutes ago by deb021280 on Education takes off in rural India, helped by PCs
We have relaunched: What's new at ZDNet Asia?
ZDNet / Techguide / Internet Security / Story
IT security policies: Why they don't always work
Summary
IT security policies never pleases everyone, and can be nebulous and difficult to get right. Learn from one company's experience of getting its plan to work.
Topics
im, it security, messaging, michael kassner, policy, security, strategy
Events
Microsoft MSDN/Developer Event
25 Mar 2010
One Marina Boulevard, Microsoft Singapore
IT Architect Regional Conference Singapore 2010
20 - 21 Apr 2010
Singapore Management University, Singapore
The Internet Show 2010
21-22 Apr 2010
Suntec Singapore
A client asked me to attend a meeting. I said sure, asking what it was about. The client said they wanted to revise their IT security policy.
That's good; we both knew there were some problems with it. The CEO also knew that getting buy-in from everyone was critical and she expected it to be an uphill battle.
The results
Surprisingly the meeting went quite well. The CEO explained the situation and everyone got to work. In short order, the group agreed that most issues with the security policy were due to three reasons.
1: Policy was vague
Most IT security policies that I have read aren't very clear, thus absolutely useless to employees. For example, the company's IT security policy states that social-networking applications are not allowed.
During the meeting, I asked a few employees about their use of instant messaging (IM). Besides feeling they weren't abusing company guidelines, everyone mentioned how IM made their job so much easier. No one saw a problem.
That confirmed the vagueness of the security plan. Wanting to eliminate any ambiguity, the group came up with the following changes:
- If certain programs or services are banned, specifically mention which ones in the security policy and communicate it to every employee.
- Revisit the security policy periodically. If need be change policy to meet current business needs.
- Technically prevent banned applications from working rather than relying on user education.
2. Security versus productivity
Security and productivity are polar opposites. The best anyone can hope for is an agreeable middle ground. During the meeting it was very evident that it was more like a no-man's land.
IT personnel were doing their job as they understood it. Some security practices were adding significant overhead to the production process, but in their eyes that was acceptable. The plant manager disagreed. Increasing production and reducing costs were paramount for the company to remain successful.
Who's right? I'd say neither. Regardless, a turf war is bad for everyone. Under the watchful eye of the CEO, both sides worked together to create a strategy that should improve security, increase production, and reduce overhead costs. Now that's an agreeable middle ground.
3. The policy applies to everyone
I found interesting, the discussion about whether the security policy applies to everyone or not. Some employees actually felt the security policy didn't apply to them.
The CEO quickly put the matter to rest--it does. The CEO wisely pointed out that if there is a problem, revisit the policy and see if it needs changing.
Michael Kassner has been involved with IT for over 30 years, and is currently a systems administrator for an international corporation and security consultant with MKassner Net.
Transform your business interactions with real-time voice, video and telepresence solutions.
Tech Vendor: Cisco
Tech Vendor: Cisco
ZDNet Asia Live
It was just a matter of time until google was marginalised anyway. I'm afraid this will be forgotten in China very quickly. Still, it...
2 hours 37 minutes ago by robinsmith on Report: Google to leave China on April 10
High performance computing (HPC) most-wanted job in Asia http://bit.ly/9vFC3i (via @zdnetasia) #singapore
2 hours 49 minutes ago by mySingapore on twitterHe doesn't care if her shoes are of glass, All he wants to see is a huge rack and nice a*s. Sleeping beauty's not awoken by true ...
3 hours 6 minutes ago by warlowdavies on One pair of 3D glasses to rule them all
RT @zdnetasia: EMC COO, Pat Gelsinger, on bridging gaps in the organization and its cloud ambitions in Asia. (cont) http://tl.gd/i5jjd
3 hours 37 minutes ago by mistymaitimoe on twitter
EMC COO, Pat Gelsinger, on bridging gaps in the organization and its cloud ambitions in Asia. http://bit.ly/9etOZW
3 hours 41 minutes ago by zdnetasia on twitterSpoke to EMC COO, Pat Gelsinger, earlier, and here's the account of the interview: http://bit.ly/9etOZW
3 hours 48 minutes ago by kevinzdnetasia on topsy
Asian SMBs need to pay more attention to disaster recovery planning http://bit.ly/bDet08 via @zdnetasia
3 hours 57 minutes ago by asiapacsolution on twitterAsian SMBs need to pay more attention to disaster recovery planning http://bit.ly/bDet08
4 hours 12 minutes ago by zdnetasia on twitterExperts: social media guidelines good for upcoming Youth Olympic Games, but focus on cooperation, not enforcement. http://bit.ly/d9M0BQ
4 hours 19 minutes ago by zdnetasia on topsyAsian SMBs need to pay more attention to disaster recovery planning http://bit.ly/bDet08
4 hours 21 minutes ago by kevinzdnetasia on topsyZDNet Asia features IBM collaboration roadmap story from LCTY Singapore - http://bit.ly/9CuSbZ #lotusknows
5 hours 14 minutes ago by lotusknows on topsy
[TECH] URL Shorteners slow Web redirection. - http://bit.ly/bySnWK @zdnetasia
1 day 55 minutes ago by danielcktan on twitter
URL shorteners are great but they can slow web redirection & you pray it would never go down http://bit.ly/bySnWK via @zdnetasia
1 day 23 minutes ago by angahsin on twitterTemasek Holdings eyeing tech stocks, indicating optimistic outlook on IT sector. http://bit.ly/aM7VwU
1 day 52 minutes ago by zdnetasia on twitterURL shorteners slow Web redirection. http://bit.ly/bySnWK
1 day 52 minutes ago by zdnetasia on twitterChinese agencies cry foul over Google. http://bit.ly/by6rwV
1 day 58 minutes ago by zdnetasia on twitterPhilippine antipiracy drive focuses on enterprises. http://bit.ly/aWryDC
1 day 19 minutes ago by zdnetasia on twitterGartner: China to become world's fastest-growing enterprise software market. http://bit.ly/bqJTtb
1 day 20 minutes ago by zdnetasia on twitterall of sg's isps have been practising compulsory invisible proxy for all home subscribers at their backend since many years back alre...
1 day 16 minutes ago by melvinchia on Web filters mean bad news for businessit is not to good for china.
Proactol
RT @zdnetasia: HP touts new products and management and productivity tools to address business computing pain points. http://bit.ly/dudgA6
1 day 31 minutes ago by LiruChan on twitterFor those with a computer science background, or interested in the high performance computing scene: http://bit.ly/9vFC3i
1 day 56 minutes ago by zdnetasia on twitterHP touts new products and management and productivity tools to address business computing pain points. http://bit.ly/dudgA6
1 day 4 minutes ago by zdnetasia on twitterVery good explanation of JMX
2 days 6 minutes ago by Babith B on Managing applications with JMXThe reaction to a report issued Tuesday by Flurry Analytics managed to completely overlook some interesting news--the Android-based Motorola Droid outsold the original iPhone over the same period of time following their respective launches--to focus instead on the sales numbers for the Nexus One.
2 days 9 minutes ago by lonemavericks on diggsAnother ZTE story....
2 days 11 minutes ago by Moderate Your Greed on Philippines opens bid for final 3G licenseWe at www.fifosys.com have also seen a growth in IT outsourcing and anticipate it as a growing field.
2 days 45 minutes ago by sarah Jane on Companies' outsourcing spend to increaseI agree with you. The iSiVaL is super portable and TVs can't expand their image size. I recorded a video that might bring some ideas to...
2 days 15 minutes ago by Jesse B Andersen on Buying a projector? Try an LED TV insteadhermm... he deserved it.. he shud not talk abt sensitive things like tat, well, he shud think twice before saying all those things, event...
2 days 53 minutes ago by ... on Facebook user charged in MalaysiaPassword manager tools are potential security threat. Criminals who hack into the computer can use the password manager to log onto any s...
3 days 53 minutes ago by ohanae on What defaults should random password generators use?I've found the cross platform utility unetbootin to be rather handy for this kind of thing as well.
3 days 27 minutes ago by Jim on Use Live USB Creator to install Fedora 12 from a USB stickThanks for the article. I think the debug command has an "\" after "C:" it should say w32tm /debug /enable /file:C:\l...
3 days 28 minutes ago by Roger Biefer on Manage time accuracy with W32Tmavailable in singapore now
http://www.portablemall.com.sg/goods-71-Microsoft+Zune+HD+32GB+-+Platinum.html
How about just using http://www.random.org/strings/? It is very configurable, satisfies all of the flexibility requirements you have ment...
3 days 10 minutes ago by Varun V Nair on What defaults should random password generators use?Keep up with ZDNet Asia
Linkedin 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
The Desktop Virtualization Revolution is here!
Find our more with Citrix Simplicity is Power
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
The Internet Show 2010, 21-22 Apr 2010, Singapore
FREE admission for visitors who pre-register online. Register Today!
