Editor's Blog and Industry Comments

Managing end users as part of IT security threat reduction.

07 December, 2007
Lumension Security has released a white paper entitled "Why end users are your weakest link" which focuses on the four key elements of managing internal threat reduction.
With as many as 70% of IT security incidents being caused by end users and recent surveys from SafeBoot showing poor levels of user awareness and policy deployment in both the public and private sector, there's a clear need for improved end user management in terms of securing valuable corporate data.

Direct policy violations (whether intentional or not) account for around 25% of security breaches, with the remainder resulting either from no policy being in place or from simple user error. It's clear, then, that the vast majority of these incidents are not caused by malicious intent, and so most of the data that's leaking out of the organisation is doing so through ordinary employees who would no doubt be surprised that they're a security threat.

Lumension's white paper gives a few interesting examples of this and goes on to declare the four key steps needed to put controls in place to reduce the attrition of corporate assets. The first of these steps is for the company to accept the reality of the situation. The workforce is more mobile than ever before and technology has enabled this, meaning that we can move data in and out of the company with childlike simplicity. The technology that enables this is also easy to lose. Flash memory falls out of pockets easily and lodges nicely behind taxi seats, and laptops are left lying around all the time.

Controlling end points is a complicated business that needs a policy, and indeed most larger organisations have one, but the problem is that this policy is often inadequately enforced or communicated. Printing a booklet that nobody reads and getting employees to sign that they've read it isn't enough. According to Lumension, what is required is more attention to human factors, or a more social approach to policy communication, including training and round table meetings to raise the overall level of awareness.

Given that employees are always going to click on links, download data to take home at the weekend and bring in photos of the dog to put on their desktops, technology such as auto-encryption, drive blocking or selective access rights is also needed as a means of enforcing the policy.

The final step is to understand the effectiveness of the policy by having reporting tools in place to enable the organisation to know what is going on and not simply to have blind faith that the policy is working or that users are complying with it.

The Lumension white paper is available from their web site.