Targets of Opportunity: Information Security: The Human Factor. (Video Review).

TITLE: Targets of Opportunity: Information Security: The Human Factor
PRODUCER: Commonwealth Films, Inc.
LENGTH: 26 minutes
PRICE: $695 from Commonwealth Films; $637 for ARMA members buying from ARMA
MEDIA: Available in CD-ROM, VHS, PAL, Secam
SOURCES: Commonwealth Films Inc. (617-262-5634; www.commonwealthfilms.com)

In today's competitive business climate, every competent information manager knows that security of all the organization's information assets has become a critical responsibility. Targets of Opportunity is a vivid exposition of how easily a company's information resources -- digital and hardcopy -- can be compromised. After learning that copies of a sensitive fax transmission have been sent to incorrect locations, and with some remaining unaccounted for, the executive vice president of a large company orders a thorough investigation of all the company's information and computer security.
Hired by the VP for Information Systems, John Scanlon, an information security consultant, roams -- virtually unchallenged -- through the facilities of Intertrack Corporation as he tests the company's information security environment. Scanlon teaches viewers a great deal about problem areas in information security. Several important issues come under the heading of general security precautions. These include

* being aware of others around and their actions; not hesitating to question unescorted visitors; recognizing that those in business attire or a technical services uniform of some kind can seem to fit in, especially if they behave with confidence
* not leaving data on portable media (e.g., floppies, zip discs) that can easily and quickly be picked up and pocketed
* never leaving passwords or access numbers in plain sight or under telephones or desk blotters.

Other information security areas addressed include

* Internet use
* access control
* e-mail security
* paper records (e.g., remote printers, faxes, files)

Participation in the Internet's growing online list services has lulled many into a false sense of intimacy with their virtual communities. If proprietary information is posted to one of these groups, it is as good as published to anyone who wants to look for it. Along with everyone else, competitors, investigative reporters, regulators, and attorneys for adversaries can read what is posted, so remembering not to post sensitive or proprietary information is more critical than ever.

Maintaining access control requires a variety of strategies. Not writing down passwords, for instance, and changing them often is good advice. Log off before leaving a workstation unattended. Review organizational policies on practices, such as storing passwords in electronic scripts and in sign-on processes. While this practice saves time, it also creates additional vulnerability.

The ubiquity of e-mail and its steady use at work and home lull users into a dangerous complacency. Who has not "replied" to a list service when the message was intended for a single individual? Do frequently used distribution lists still contain the e-mail addresses of former employees or consultants? Is everyone following the company policy and procedures on encryption?

Like it or not, paper is alive and well in every office. To those engaged in industrial espionage, a purloined paper printout -- even of an earlier draft of a document -- may be just as useful as the current file stored on a hard drive. Unattended fax machines and open wastebaskets filled with imperfect photocopies are excellent "targets" and as easy to retrieve as shooting fish in the proverbial barrel. Close control of all sensitive documents, then, is essential to effective information security.

Particularly chilling is the ability of intruders to take various fragments of information and weave them together.
As Scanlon suggests, "What seem like small, insignificant bits of information can now easily be pieced together and -- to a knowledgeable person -- can be extremely valuable."

This is a fast-paced and relatively short presentation that will hold the attention of both senior and mid-level managers. It will make the case clearly that new information security strategies are warranted. No matter what else happens, they will go away with a newfound respect for -- and concern about -- the organization's information resources.

Targets of Opportunity is an effective orientation and training tool. The actors and scripts are convincing; presentation values are good. There is a user/trainer guide to help flesh out the variety of security issues in the video. A "read me" file provides technical advice on running the CD-ROM version of the production; a VHS version is available as well.

J. Michael Pemberton, Ph.D., CRM, FAI is Executive Editor of The Information Management Journal. He may be reached at imainc@mindspring.com.