Decision support data and systems, including pricing and forecasting models, usually are very important and must be secured against inappropriate use and theft. What are potential sources of risk?
Recently, Michael Hickins had an article in eWeek.com (May 29, 2008) titled "10 Ways Your Employees Pose a Security Risk for Your Organization." When I got the email what caught my attention was the teaser line "From using unauthorized wireless devices to frolicking around in virtual worlds, workers can unwittingly unleash havoc on their company's IT infrastructure." I was and am unsure how frolicking around in a virtual world can unleash havoc for IT.
The 10 risks cited include: 1) USB Flash Drives, 2) Laptops, 3) P2P, 4) Web Mail, 5) Wi-Fi, 6) Smart Phones, 7) Collaboration Tools, 8) Social Networks, 9) Unauthorized Software Updates and 10) Virtual Worlds. Hickins has misidentified the risks.
Why? 1) Clearly flash drives are a problem for data theft but they have little impact on IT infrastructure. 2) Laptops again create data theft and model-driven DSS risks, but won't impact IT infrastructure. 3) Peer to peer (P2P) does create some load problems and risks for decision support. 4) Web mail is valuable even though data theft risks are real. Any external email capability can facilitate data theft. 5) Wi-Fi properly configured should present no threat. 6) Smart phones pose the same risk as laptops. 7) Collaboration tools have almost zero risk. 8) A social network can create professional connections. The risk to IT infrastructure is limited. 9) Yes, clearly any unauthorized IT software update activity is a major problem. 10) Virtual worlds can distract people from work, but virtual world can support decision making.
What do you think? What about risks like hacking and unauthorized use? Do physical risks pose an equal danger? Does IT infrastructure fail more from ineptness of IT staff or actions of disgruntled staff?
Hickins, M., "10 Ways Your Employees Pose a Security Risk for Your Organization," eWeek.com, May 29, 2008, URL: http://www.eweek.com/c/a/Security/10-Ways-Your-Employees-Pose-a-Security-Risk-for-Your-Organization/?kc=EWKNLEDP052908A .
Posted May 31, 2008 5:50 PM
Permalink | No Comments |