Although security is often fundamental to success, it often remains an afterthought. Companies looking to increase their business opportunities via the Web typically look first at applications and then consider infrastructure issues. "We see many cases where ERP or sales-force automation implementations fail when infrastructure and security come into the picture after the fact," Kelly says.
Security products that used to be viewed as risk-management tools are now being considered an "enabling mechanism" that is necessary for new business ventures.
The Boston Globe, for example, takes security more seriously now that its advertisers can place advertisements online and pay for them with a credit card. "It has expanded our view of security," says Dave Pearson, director of IT infrastructure. "I view it more as enabling than risk management, though it has to do both."
Another key element of an enlightened approach to security is a companywide campaign to promote user awareness. But that campaign "can't just be an annual brochure," says Jim Patterson, VP of security and telecommunications at OppenheimerFunds Inc., a mutual fund company in New York. For example, Oppenheimer occasionally has a life-sized cardboard figure named "Mr. Security" around its Denver campus. The character is dressed as a baseball umpire and holds a stack of index cards with information security tips for Oppenheimer's 1,800 employees.
-------- www.e-shops-list.com ----- Convenience you can never imagine ---- online store list -----
Another change is the people directly involved in making security-related decisions. While security remains an IT function, some of that responsibility is gravitating toward the business side as the Internet burrows into various parts of the company, such as the purchasing and marketing departments.
"We are doing more transfer of ownership of applications and security from IT to business owners," McKesson's Villani says. For example, Villani handles security policy; but the the company's VP of customer operations is responsible for applying it to the extranet.
On average, survey respondents rate information security a 7.4 on a 1-to-10 scale, with 10 being the highest priority. Respondents say the most important security techniques are blocking unauthorized access, establishing network security, securing top management commitment, and gaining end-user awareness. On average, most companies rate themselves a 6.9 on a 1-to-10 scale, with 10 being extremely successful, an evaluation that suggests most respondents see room for improvement.
The survey strongly suggests, however, that even if companies do well establishing these best practices, they must seek ways to do even more with their existing resources. Managing risk is now a top priority.
-------- www.e-shops-list.com ----- Access kinds of online store star here -----e shops list ----
没有评论:
发表评论