Thursday, February 15, 2007

Taking care of business with the four Ps

Dawn Jutla of the Saint Mary's Sobey School of Business has a piece in today's Chronicle Herald on information protection that's worth a read:

The ChronicleHerald.ca

Minding your Ps can protect your customers

By DAWN JUTLA / Taking Care of Business

IN 2006, the FBI reported that unauthorized data access — similar to the problem faced by WINNERS’ parent company T.J. Max — became the second-most-costly loss in organizations due to computer crime after viruses. As the costs of unauthorized access are on the rise, suppliers will increasingly be asked to provide copies of their security and privacy policies and processes as part of contract agreements.

Security and privacy documents are key communication vehicles for helping employees understand and comply with recommended security and privacy guidelines, as well as learn good security and privacy behaviours. Recent high-profile examples of where policies were not well-formulated, communicated or complied with include AOL’s firing of its chief technology officer after users’ search results were published on the web, and Boeing’s disclosure that the personal information of hundreds of thousands of current and former employees was compromised when an unencrypted laptop was stolen from an employee’s car.

To control unauthorized access from insiders and outsiders, good security policies, at a minimum, address the management of four Ps: Policy guidelines for employees, Patches and updates, Protective software and devices, and Physical security. Security managers, chief information officers and consultants help company executives understand the costs and benefits of the 4Ps. ...

Policy guidelines for employees: ...

Patches and updates: ...

Protective software and devices: ...

Physical security: ....

Dawn Jutla is an associate professor in the department of finance, information systems and management science. Taking Care of Business is a monthly column created by the Sobey School of Business.

No comments: