Security & Risk

In 20-30 years time Generation Y will be running not only IT departments (in whatever form that takes) but they will also be running other business units, and in fact entire organisations. How we engage with them, train them, empower them, and become mentors to them; will sculpt their ability to make decisions. It is vital that the hard-earned knowledge of the last 50 years of IT is not lost from ...

Data leakage prevention (DLP) it is an information management tool, not a threat mitigation tool like anti-virus or intrusion prevention. The DLP market is still very immature, and the products are not integrated with other related technologies, such as: enterprise content management (ECM), enterprise rights management (ERM), and identity management systems. When the vendors who specialise in inf...

Privacy is now a public issue. Consequently, many of the recommendations for the Australian Privacy Act will likely be accepted because they reflect good practice, and are in harmony with international data privacy trends. However, these amendments to the Privacy Act will introduce added complexity and expense to the management of personal data. The danger right now is that organisations may...

At the start of the year a resurgence of interest in Identity Management was heralded as one of a series of IBRS technology predictions for 2007. Subsequent vendor activity1 has borne this out and more market activity is likely to follow. Despite growing vendor activity, we have observed that from an IT management perspective, other than with some banks2 and higher education insti...

Microsoft’s new BitLocker feature, available in select versions of Vista, offers easy access to ‘whole disk’ encryption, which benefits several areas including; identity management, data security, and asset management. While BitLocker is a workable and well-integrated security feature, it is not a complete solution to data protection requirements. Whole disk encryption products have limit...

Effective and responsible management of IT security should concern executives at the highest levels of management. Leading practice suggests, but does not mandate, separation of the IT security function from the IT management function. One of the ways that this can be achieved is with the appointment of a Chief Information Security Officer (CISO) with total accountability for all IT securit...

I have been involved in the provision of information technology solutions in the construction industry for twenty five years. In that time the industry has altered enormously and the model for delivery of information technology infrastructure has changed with it.

Last month I wrote advising IT practitioners to learn the language of risk management, particularly in the context of ANZ/NZS 4360:2004. The article also contained advice to ensure that IT has a place at the decision-making table when considering the implementation of corporate risk management software. An assumption was made in the article that in your organisation some corporate...

In business and government, the subject of risk continues to be a hot topic. It’s covered regularly by the commerce and technology-oriented sections of the media and is increasingly being discussed and actioned at Board and executive levels. Because of the corporate appetite for risk methodologies and tools, a burgeoning IT industry has developed providing risk management software.

IS organisations attack increasing client systems support costs by implementing a desktop "lockdown" or Standard Operating Environment (SOE). However, if they do not give enough attention to the process and planning that is required to lock down their desktops their project will fail because of political and cultural problems, and because lockdown may prevent users from doing their jobs ef...