October 22, 2004 (Computerworld) --
A lack of information sharing and cooperation between IT security, physical security and risk management functions is hindering efforts to upgrade corporate security, according to a report released this week by The Conference Board Inc. The separate silos in which many businesses put those functions can create a corporate culture that encourages the hoarding of vital security information, said the report, which was based on interviews with more than 200 senior executives at major companies. Businesses need to bridge the gap and develop a "common frame of reference," said Tom Cavanagh, a security expert at The Conference Board, a New York-based research organization. "What you need to have is a way for everybody to be on the same page and speaking the same language" when it comes to implementing companywide security policies, he said. Cavanagh's advice echoed comments made at last month's ASIS International 2004 conference in Dallas, where corporate managers and analysts cited a growing need to unify the management of IT and physical security (see story). That viewpoint is "absolutely right," said Dennis Treece, director of corporate security at the Massachusetts Port Authority (Massport) in Boston. "Until the various factions stop bickering over turf, we're going to find any holistic security improvements terribly difficult" to achieve, he said. Treece, who oversees both physical and IT security at Massport, said that the separate security-related functions within companies "all have different points of view, different cultures, different career paths, different educations and even different vocabularies." Physical security practitioners who typically deal with human intelligence issues and technologies such as intruder alarm systems often have little in common with IT security professionals, said Eddie Schwartz, chief technology officer at Securevision LLC, a consultancy in Fairfax, Va.
Similarly, risk management executives tend to come from financial backgrounds and often have little technology savvy, said Schwartz, a former chief information security officer at Nationwide Insurance Co. in Columbus, Ohio. The resulting communications breakdowns often lead to gaps in security, said Lew Wagner, CISO at Clarian Health Partners Inc. in Indianapolis. "The secret to any long-lasting and effective security practice is to have IT security dovetail with physical security, risk management and human resources" functions, he said. Wagner added that long-established corporate hierarchies and territorial boundaries make this integration hard to achieve. "Each of these groups have already carved out their niches and protected areas and are resistant to change and have to be shown that this [integration] is a way to enhance what they are doing," Wagner said. Demonstrating the value of information integration to all stakeholders in corporate security can be a challenge, Schwartz said. "But one of the mistakes that people
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more... Read more Security posts or See all Blogs
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing your network begins at the gateway, also called the perimeter, to keep unauthorized users, viruses and malicious code from entering your systems. Deploying multilayer technologies is your first line of defense. With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. One of the key facets of a successful security strategy is protecting the servers that run critical applications and house so much of your essential data. Having the right policies, procedures and server configurations is critical.
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
See your link here
Subscribe to
Computerworld 
or
Other Security Stories
From Laggard to Leader: Transforming the Data Center
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this white paper today!
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
The Security Zone
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
