Remember the tale of Ramayana? Remember Vibhishana? This
brother of the king of Lanka, Ravana, provided the vital clue that ultimately
led to the death of the trilok vijayta. Not that Rama would not have managed to
kill Ravana without Vibhishana’s help, but his job became easier once he knew
where exactly to strike.
Compare this with today’s increasingly wired, fiercely
competitive business environment. Despite security measures, companies are not
only losing critical information but their systems are being paralyzed for hours
and their Web sites—the face of the company in e-economy—are being defaced.
While most organizations tend to blame hackers on the outside, today’s
e-economy requires that an organization be equally wary of the internal human
factor.
Says Y V Verma, vice-president, HR and MS, LG Electronics,
"Companies usually commit the mistake of laying more stress on security
from external attacks. Studies, however, have proved for years now, that
organizations are more vulnerable to breaches by deliberate or negligent acts of
employees or other trusted business partners and associates."
According to enterprise security experts, attacks from outside
are not the only threat to an organization’s information systems. Even
if the company does not have an active link between its Internet server and the
back-end system, its systems are still vulnerable. Surveys have revealed that
over 80% of the threat to an organization’s systems comes from its own employees—
current, former and those on contract. "So, while you may have minimal
threat from terrorists, competitors and organized crime, the fact is you still
have considerable exposure within your own people," he adds.
The anonymity threat
Akhilesh Tuteja, manager, information risk management
services at KPMG, feels that the sudden spurt of white-collar crimes or security
breaches is because of one unique feature of this networked world—anonymity.
Not that the employees of yesteryear were more honest and reliable; employees are
equally reliable today. However, the working environment of the old economy did
not provide them with the tools to peep in where they should not, or the ability to
spread mischief. "While no employee would dare to even glance at what the boss
carries in the briefcase, given an opportunity one does like to," quips
Tuteja. "The networked environment provides employees with the opportunity
to do just that without actually having to fear about being reprimanded. The
Internet has created a shield of anonymity today and this gives the errant
employee a pseudo sense of security, making them bold enough to break
norms," he adds.
Agrees Verma, "More and more workers, even in
manufacturing units, are operating through personal workstations networked
through the LAN and WAN. Even those on the move are increasingly being provided
with facilities that could connect them directly to the organization’s
network. Hence the attack can come from anywhere. The intruder can be sitting
just next to you in the same cabin, and still one may not be aware of
them."
Verma divides an organization’s valuable human resource
into four types—happy and working; happy but leaving; disgruntled but working;
disgruntled and leaving. While those in the happy category would be the least
dangerous from the point of view of deliberate mischief, the disgruntled but working
kind would be the most dangerous. Hanif Sohrab, product manager-network
security at HCL Comnet, on the other hand, maps the threat on a different matrix.
According to him, all enterprise security threats can be classified in two
categories, internal and external. And these threats may be either unstructured
or structured. While unstructured threats are generally caused by those purely
seeking kicks from their success, or by plainly peeping and ignorant employees,
the structured threat, as the name suggests, is an attempt to deliberately harm
an organization’s interests. And unlike the novice hackers in the unstructured
category, intruders from the structured stable are usually more technology savvy
or may also be experts in the art of digital espionage and infocrime.