IT security, like Mom and apple pie, is something everyone’s in
favor of.  That’s why it’s interesting to see what an authoritative
publication like CIO magazine finds out when it does a
survey of
the global state of the art (in this case, involving over 8,000
respondents in 62 countries across six continents).  The survey
also yielded six "secrets" (yes, journalists will be journalists)
of effective IT security:

  • spend more; you do get what you pay for;
  • separate information security from IT, and in fact merge information
    security with physical security;
  • conduct penetration tests; better you should discover your
    vulnerabilities than a Sasser worm code jockey;
  • perform a comprehensive risk assessment; this is jargon for
    the common-sensical approach of fixing the big, dangerous vulnerabilities
    first and saving the trivial, harmless ones for last;
  • define your overall security architecture; this is jargon for
    making sure that all your "local" solutions can work and play
    well with others; and lastly
  • establish a regular (they suggest quarterly) review.

Counterintuitively, the study also found that companies with a
higher degree of confidence in their security measures were
in fact
more secure:  Of the "best practices" group,
nearly 80% of CEO’s were "very confident" about security, while
in the rest of world only 30% were.  Why do I label this counterintuitive?  Because
in many contexts the best defense stems from a healthy paranoia.

But the numbers speak for themselves.  Even though many of
the "best practices" firms were targeted more often in 2004 than
in 2003, they suffered less down-time and lower financial losses.  So
maybe they do have reason to be confident.

 

Related Articles

Email Delivery

Get Our Latest Articles Delivered to your inbox +
X

Sign-up for the Insider’s Email

Be the first to learn of Adam Smith, Esq. invitation-only events, surveys, and reports.





Get Our Latest Articles Delivered to Your Inbox

Like having coffee with Adam Smith, Esq. in the morning (coffee not included).

Oops, we need this information
Oops, we need this information
Oops, we need this information

Thanks and a hearty virtual handshake from the team at Adam Smith, Esq.; we’re glad you opted to hear from us.

What you can expect from us:

  • an email whenever we publish a new article;
  • respect and affection for our loyal readers. This means we’ll exercise the strictest discretion with your contact info; we will never release it outside our firm under any circumstances, not for love and not for money. And we ourselves will email you about a new article and only about a new article.

Welcome onboard! If you like what you read, tell your friends, and if you don’t, tell us.

PS: You know where to find us so we invite you to make this a two-way conversation; if you have an idea or suggestion for something you’d like us to discuss, drop it in our inbox. No promises that we’ll write about it, but we will faithfully promise to read your thoughts carefully.