0607 Lec 21 Enterprise Security
Enterprise security
Putting Security on the Strategy Agenda
John Hartwright
Introduction
• What is your idea of security?
Traditional view
It's all about access control
Introduction
• What is your idea of security?
New technology view
It's the job of the IT people
Computer security
• Often summed up by the acronym CIA: Confidentiality, Integrity, Availability
• Balance needed between all three aspects
Technical fixes
• Anti-virus software
• Encryption
• Passwords and biometrics
• Firewalls
Human fixes
• Hard to define what you are securing
• Changes in location of data
• Changes in nature of viruses and
Physical security
• Alarm systems
• CCTV
• Security tagging
• Panic alarms/screens
• Guards
Crucial
Trivial
Disaster planning
• What will we do if we can't use the
Employee security
• IT may check for viruses on email, but:
  - Who checks the post for anthrax?
  - Who knows what to do when they take a phone call and it's a bomb threat?
  - Who checks that the windows are designed to cope with a car bomb?
  - Who knows if the Chairman's chauffeur understands how to avoid a hijack?
Forgotten dimensions
• Public relations
• Stress
  - What support is available to staff?
Structured security
• The security department is the protector or guardian of the company's property, product or merchandise, assets, equipment, reputation and employees (Sennewald, 1998)
• May also need to consider non-employees such as visitors and customers
Bringing it together
• Increasing recognition that
Key issues
• Mail handling
• Travel
• Employee protection
• Risk assessment
• Infrastructure protection
• Office and plant protection
• Employee morale
Final thought
• There is no end to the imagination of the terrorist so we should not be surprised when what they do surprises us.
Yonah Alexander, Potomac Institute for Policy Studies