Is your organization updating its IT Security

Volume 4 Issue 44

July 2005

There were 17% that were unsure if the attacks had lead to changes in IT management practices. However, 36% reported various types of changes have occurred in the way their organization managed IT. The following data shows some of the comments made about how IT management practices were impact by the terrorist attacks.

• Tighter intrusion procedures and greater checks on corporate travel
• We have tightened the firewall policies. We also look more closely at the firewall logs and reports.
• Security and Disaster Recovery is taken more seriously.  It's starting to get the attention it needs.
• Senior management has shown an increased interest in (and a willingness to spend money on) IT security.
• Strengthened BCP and CSIRT practices
• More concerns over security. All policies were reviewed and rewritten where necessary.
• IT security, physical, and personnel security measures have been strengthened and given greater emphasis.
• Renewed emphasis on BCP/DR with Executive mandate and direction.
• Greater impetus toward physical security
• We have an ISO 17799 project actively working with a pre-assessment.  We also participate in Security Roundtables facilitated by two local universities.
• DR sites are at least 100 miles away from main facility.
• Increased upper management awareness.
• It has given senior management a better view on security practices and it makes it easier to get a security project funded.
• More emphasis on Disaster Recovery and Business Continuity. Its Security training has been budgeted and approved by Sr. Management. User interest is high and training attendance is mandatory. Policies and procedures have been updated or revised and employees trained.
• DR became a priority.
• Increased security and awareness.
• Much more physical security on IS areas computer rooms, etc.
• Tightened security, decreased bureaucracy, better security training for all employees, lockdown of many systems to prevent any unauthorized software installation.
• Yes, the disaster recovery plan has been given a higher priority.
• More urgency in developing needed training and policies.
• Has ramped up security  awareness and preemptive measures substantially.
• Enforced the use of computers for work-related items only.
• More security in place and more monitoring of inappropriate data transfers.
• Corporate wide virus protection installed.
• Heightened security awareness and caused procedures to be tightened.
• Focused attention to review, enhance, and otherwise improve System Security Safeguards, Policies, Practices and Procedures. 
• Greater regard for security policies (both physical and logical for information systems).

This lack of change and much of the uncertainty may be because DHS was still organizing to address its mission.

Email this article to a friend

Email a friend a link to our web site

Have you seen a safety device you think our readers should know about?
Does your company make or sell a safety device you would like to see featured in this column?
If so, please e-mail the information about the device to Safety Issues.
The purpose of this column is to make your life safer with the use of the latest technology.
Neither Safety Issues nor its affiliated companies are responsible for any opinions expressed in this column.
Thank you for reading this column.

  © 2008 SafetyIssues.com, Inc. All Rights Reserved.