Security: What is real and truly important in securing the enterprise?

April 03, 2003
7:30 to 10:00 AM
Fox/Gittis Foyer
Liacouras Center
Temple University Main Campus

After 9/11, security has become an important topic in industry and government. IT security, already under pressure from the threat of viruses and hackers, has become even more complex and important. There continue to be major misconceptions about what is feasible, practical, and important. A completely secure enterprise is not a realistic goal, but how much is a company willing to spend to go from 80% security to 90%? The panel will provide insights on the relative role of IT security in the management of the enterprise.

Panelists

  • Raymond Blair, Vice President – Global Security Solutions, IBM
  • James Finn, Principal, eBusiness Security, Unisys
  • Douglas Hurd, Senior Product Manager, Network Associates International
  • R.K. Raghavan, eSecurity Practice Head, Tata Consultancy Services
  • Tommie Sonby, Vice President of Technology, Concord EFS, Inc

Moderator

  • Nicholas Economidis, Vice President, AIG eBusiness Risk Solutions

Summary

The key points highlighted by the panel include:

Quality vs. Quantity

Focus your IT-security resources appropriately. Many organizations focus an inordinate amount of resources on a limited number of “quality” attacks. Quality attacks typically require a great deal of sophistication and, as a result, are infrequently seen in real life. Rather, organizations should focus on “quantity” attacks, which require less knowledge on the part of the attacker but happen with much greater frequency. For example, “social engineering” involves relatively little knowledge of computer systems but rather involves convincing users to divulge user IDs, passwords and other information.

Security is a Management Function

As fast as companies employ new security measures, hackers and criminals invent new ways to cause damage. As a result, IT security is not something that can be purchased off the shelf. Rather, good IT security is a management function. IT security involves the same critical elements as any other management function. These include:

  • Analysis and Assessment: educate yourself as to what the risks are, what laws/regulations you may be subject to, where you may be vulnerable and what your security options are.
  • Implement appropriate risk controls: take reasonable actions to prevent and mitigate loss. Plan for recovery and business continuity should an incident occur.
  • Feedback: Review the results of your security efforts, note changes in the environment, and make changes as necessary. Security is a continuous effort.

Fundamentals: The Importance of Basic Blocking and Tackling

Focus on the fundamentals of good security. Some of the fundamentals highlighted by the panel included:

  • Data Backup
  • User Awareness Training
  • Policy & Controls (instructing users what is permissible)
  • Delegation of duties (assigning security as a responsibility)
  • Separation of duties (don’t rely on a single employee; have appropriate checks and balances)
  • Compliance: audit for compliance with policies and controls

It’s Not What You Spend on Security, but How You Spend It!

There is no magic formula for how much to spend on security. What matters is to spend wisely and in an appropriate manner. Avoid spending money on “vanity” items that may sound good but provide few real benefits. Don’t rely on technology alone for security. The following allocation for a security budget was provided as an example:

  • 15% Policy development and maintenance
  • 40% User awareness training
  • 10% Assessment
  • 20% Technology (software and hardware)
  • 15% Compliance
