IBIT

Engages with industry to develop digital knowledge and talent


Security: What is real and truly important in securing the enterprise?

April 03, 2003
7:30 to 10:00 AM
Fox/Gittis Foyer
Liacouras Center
Temple University Main Campus

After 9/11, security has become an important topic in industry and government. IT security, already under pressure from the threat of viruses and hackers, has become even more complex and important. There continue to be major misconceptions about what is feasible, practical, and important. A completely secure enterprise is not a realistic goal, but how much is a company willing to spend to go from 80% security to 90%? The panel will provide insights on the relative role of IT security in the management of the enterprise.

Panelists

  • Raymond Blair, Vice President – Global Security Solutions, IBM
  • James Finn, Principal, eBusiness Security, Unisys
  • Douglas Hurd, Senior Product Manager, Network Associates International
  • R.K. Raghavan, eSecurity Practice Head, Tata Consultancy Services
  • Tommie Sonby, Vice President of Technology, Concord EFS, Inc

Moderator

  • Nicholas Economidis, Vice President, AIG eBusiness Risk Solutions

Summary

The key points highlighted by the panel include:

Quality vs. Quantity

Focus your IT-security resources appropriately. Many organizations focus an inordinate amount of resources on a limited number of “quality” attacks. Quality attacks typically require a great deal of sophistication, and as a result are infrequently seen in real life. Rather, organizations should focus on “quantity” attacks, which require less knowledge on the part of the attacker but happen with much greater frequency. For example, “social engineering” involves relatively little knowledge of computer systems but rather involves convincing users to divulge user IDs, passwords and other information.

Security is a Management Function

As fast as companies employ new security measures, hackers and criminals invent new ways to cause damage. As a result, IT-security is not something that can be purchased off the shelf. Rather, good IT-security is a management function. IT-security involves the same critical elements as any other management function. These include:

  • Analysis and Assessment: educate yourself as to what the risks are, what laws/regulations you may be subject to, where you may be vulnerable and what your security options are.
  • Implement appropriate risk controls: take reasonable actions to prevent and mitigate loss. Plan for recovery and business continuity should an incident occur.
  • Feedback: Review the results of your security efforts, note changes in the environment, and make changes as necessary. Security is a continuous effort.

Fundamentals: The Importance of Basic Blocking and Tackling

Focus on the fundamentals of good security. Some of the fundamentals highlighted by the panel included:

  • Data Backup
  • User Awareness Training
  • Policy & Controls (instructing users what is permissible)
  • Delegation of duties (assigning security as a responsibility)
  • Separation of duties (don’t rely on a single employee; have appropriate checks and balances)
  • Compliance: audit for compliance with policies and controls

It’s Not What You Spend on Security, but How You Spend It!

There is no magic formula for how much to spend on security. What matters is to spend wisely and in an appropriate manner. Avoid spending money on “vanity” items that may sound good but provide few real benefits. Don’t rely on technology alone for security. The following allocation for a security budget was provided as an example:

  • 15% Policy development and maintenance
  • 40% User awareness training
  • 10% Assessment
  • 20% Technology (software and hardware)
  • 15% Compliance

 


Institute for Business and Information Technology

207 Speakman Hall
1810 N. 13th Street
Philadelphia, PA 19122


Copyright © 2025 IBIT · Fox School of Business · Temple University · contact us at ibit@temple.edu