Integrity begins within: Security pros lead by example
Computerworld - I recently learned that an acquaintance of mine did something dishonest in the name of information security, apparently in order to preserve or advance his own career. Stu (not his real name) acquired his former employer's complete disaster recovery plan in electronic form. At his new place of employment, Stu took that document and changed the headers and footers and some other details and then presented it as his own work.
Later, executives from Stu's current and former employers attended a business meeting. The purpose of the meeting, as I understand it, was a discussion on disaster recovery, kind of a "show me yours and I'll show you mine" exchange. (Stu's current and former employers are in the same industry.) The executives from the two companies were shocked when they discovered that their disaster recovery plans were virtually identical. The disaster recovery director at Stu's former employer recognized the other company's plan as his own.
Hearing this story reminded me of a critical fact: In business and information security -- and closely related disciplines such as business continuity and disaster recovery planning -- we lead by example.
In my columns, I usually address "you" in the second person. But on this topic, I will speak of "we" in the first-person plural. I want to make sure that you understand that what I'm saying applies not only to you, but also to me.
Do as we say, and as we do
In information security, we strive to improve the integrity, reliability and control of information systems, business processes and the people in the organization. Through policy and security awareness, we want the people we work with to act with good judgment and integrity.
Some of us are responsible for creating and enforcing security policies that apply to everyone in the organization. Whether we like it or not, we are role models. If, by our behavior, we are strict about conforming to security policy, then those who observe us are more likely to do the same. If, on the other hand, we act as though we're above the law, especially our own law, how can we expect others to be serious about conforming to it?
Truth in, truth out
Here's a simple and reliable definition:
Truth: factual representation of things that are; factual representation of events.
This has everything to do with information security. We expect applications to record, calculate, store and report events and information accurately. Truth in, truth out. We expect these events to be verifiable via audit logs so that the truth can be ascertained later if needed.