The Security Action Plan

Here's a to-do list that ranges from managing patches to securing wireless LANs.

My colleague Frank Hayes says that "security is the new Y2k." And he's right: IT security is in a state of crisis on both the vendor and user sides and needs a full-scale remediation effort. But security doesn't have the immovable deadline that was so good at focusing everyone's attention on the Y2k problem and breaking through the usual logjams. Lacking a natural deadline, maybe the pressure for remediation will come from security audits by the federal government, as predicted by futurist Thornton May.

Short of federal audits, the pressure will have to come from corporate CEOs. Unfortunately, like Y2k, security doesn't have a clear-cut ROI. So, how are we going to get the CEO's financial support for major investments in IT security and disaster recovery? I suggest asking your CEO three simple questions:

  • How will the board react if Russian hackers steal $10 million from our accounts? (It happened to Citibank in 1994.)
  • How will we stay in business if employees can't get into the headquarters building because it's been cordoned off due to an anthrax scare?
  • How will it look on Wall Street if we're hit with a "security malpractice" lawsuit because we failed to close security holes that were widely known?

For starters, let's do the easy stuff. GartnerG2 predicts that 90% of cyberattacks will exploit known security flaws for which a patch is available or a solution known. That's why one of the tasks on the to-do list in this special report is patch management. We also suggest assembling a SWAT team to handle security incidents and distributing IT resources for better disaster recovery.

We can help set the agenda and provide implementation tips, but you'll have to get the CEO to open his checkbook yourself.

Mitch Betts (mitch_betts@computerworld.com) is director of Computerworld's Knowledge Centers.

Copyright © 2002 IDG Communications, Inc.