Get Back to Security Basics, Expert Says

With survey after survey finding that IT security professionals are working their way up the corporate ladder, one industry watcher is sounding an alarm. If senior management is asking security pros to focus on things like worm and virus outbreaks, potential data espionage and ongoing regulatory compliance, does that mean they’re losing sight of the security basics?

In an opinion piece on the Network Computing website, editor-in-chief Rob Preston reminds us that even though companies are faced with threat mitigation and compliance issues, they still “continue to lose, misplace and mishandle sensitive data.” According to Preston, our focus might be better if we just get back to what he calls “Security 101.”

“Expensive intrusion-prevention, global authentication and information-management systems have their place in the secure enterprise, but they won't keep your sensitive data from walking out the door,” he says. “Let's go back to Security 101: creating a formal policy on accessing, distributing, storing and transporting such data--who does what and how. Employees must be trained. And then drilled. If data protection is indeed a board-level priority, everyone in the organization must be made aware of that fact, with clear consequences for those who don't follow the rules.”

At the same time, Preston says enterprises need to be truly held accountable for failing to protect personal data. But he also warns against creating yet another national regulation like HIPAA or SOX to do so. “Here’s another thought,” Preston says. “Punish the handful of wrongdoers and bunglers, instead of tying up the masses with more red tape.”

To read the full article, click here: http://www.networkcomputing.com/showitem.jhtml?docid=1701colpreston