Disaster-Resource.com

Take a Common-Sense Approach to Computer Security, Expert Says

Call it a pragmatic approach to computer security: Motorola’s corporate vice president of information security Bill Boni says his security policies address what must be addressed, while not trying to be over-controlling and injecting too much friction into the company.

In a new Q&A with John McCormick on the Baseline website, Boni, who is responsible for the company’s global network and computer systems, shares his thoughts on today’s state of computer security, as well as ways his company makes it easier to enforce the rules of security.

McCormick asked Boni about his top concerns these days. Boni said he’s most concerned about the criminalization of hacking in the past few years. “I.T. and management have had in the 20th century the hackers-as-hobbyists and hackers-as-hooligans kinds of experience,” Boni told him. “Where hackers were either just experimenting around to see what could be done or they were basically saying, ‘Well, look how smart I am, I can break a lot of things and be highly visible.’”

Boni also voices concern over companies whose security policies are too complicated. He admits Motorola used to have a policy and framework that ran to more than 300 pages, which made it tough to get staff to read it and commit it to memory. Boni and his team shortened it to 20 pages.

“And there is still some concern about that,” Boni told McCormick. “I pulled out a copy of the Illinois driver’s license training handbook, and there’s 120 pages on how to drive an automobile. I said, ‘OK, if we can get a 15-year-old to read 120 pages because it’s the most important thing for him to get that license, I think we can get our people to understand their personal responsibilities of these 20 pages.’” Boni says in his experience, 90 percent of people in an organization will do what’s expected 90 percent of the time if they just understand the rules.

“It’s a very pragmatic effort to address what must be addressed, and to take a step back from trying to be over-controlling and injecting too much friction into an engineering culture,” Boni added. “Motorola has a lot of talent. If you become too rigorous, the engineers will either route around you or they’ll opt out. You have to accept the responsibility to educate and inform the population of both management and employees about the changes in the environment, the changes in risk.”
