 |
 |
|
| Advertise Here! |
|
Friday, July 30, 2010 | |
 |
|
Contact Us Advertising Site Map | |
|
|
|
 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
 |
Mail
this page to a friend |
|
|
 |
Add this page to your favorites |
|
|
 |
Make
this page your home page |
|
|
Sounding Board Archive Search
|
Sounding Board September 2003 Vol 43 # 4 |
Guest Column: Internet security: Is it an oxymoron?
Before attempting to answer that question, a little history may be useful. During the first wave of Internet use, organizations built web sites that were effectively online versions of their corporate brochures. Many organizations are still at this stage. Depending on the industry, many will never feel the need to add significant content to their sites nor to use the web to provide any form of two-way communication with their customers. These "brochure-ware" sites have the advantage of being relatively secure.
More sophisticated businesses decided to use their web sites to enable potential customers to contact them and to buy from them. The most successful sites were those with experience of direct sales to customers via mail order or telephone and, therefore, had robust distribution processes. These companies saw the Internet as simply another sales channel.
The crash of the dot-coms convinced some organizations that they could safely ignore the Internet in their business models. However, that is very short sighted. The Internet offers smart companies significant opportunities to reduce cycle times and cut costs by extending previously internal processes to suppliers and customers. For example, companies such as FedEx save millions by allowing customers to track their shipments online, thereby reducing phone calls to their customer service lines. Smaller companies also use the Internet to improve communication with customers and trading partners, search for new markets and reduce transaction costs.
Many people believe that Internet security is about keeping "them" out, and certainly it is important to keep your internal network secure. But a "fortress" approach is not realistic. Most computer crimes are committed by insiders, resulting in much higher losses than those from outside. More importantly, forward-thinking businesses must plan how to securely open their systems to suppliers, partners and customers via the Internet. This shift in focus requires consideration of the risks involved, like all business decisions.
Consider a parallel with your own personal security. Most people lock car doors and homes — some use alarm systems in both. But few people invest in electrified fencing or barbed wire to protect their property. At some point, we balance the risks of crime against the costs of security and determine our personal level of risk tolerance.
Similarly, your business security issues must be addressed based on an assessment of the risks, not security at any cost. When considering threats and controls, it is important to consider people, business policies, processes and physical environment, not just information technology. Since new threats do emerge and controls may be weakened by changes to procedures, security needs to be considered as a continuing process, not a one-time effort. Finally, security cannot be imposed top-down. To ensure that controls are continually effective, your key individuals must be fully committed. This requires their active participation in developing security policies and procedures.
Internet security is not an oxymoron, but a simplistic or poorly planned approach to security may be very costly without providing much value to your business.
Susan Johnson is a partner at the Applied Privacy and Security Management Group. She can be reached at Susan@APS-Group.com.
Copyright 1999-2009 The Vancouver Board of Trade. All Rights Reserved
Site Credits Privacy Policy
