Talk to Me: Know Your Security Plan

Wednesday, February 16, 2011 @ 04:02 PM gHale

By Gregory Hale

Living and working in a vacuum can be a wonderful thing.

Just think, you don’t have to worry about anything or anybody else, because in your mind, everything is simple and easy. Nothing bad happens and life just keeps moving forward.

The problem is, this type of vacuum just doesn’t exist. Take the OPC Workshop entitled, “Business Value of Device to the Cloud Information Integration,” held at the tail end of the ARC Advisory Group Forum last week in Orlando, FL.

During a workshop presentation on security, the audience was asked if they knew whether their company had any type of security plan. Of the 40 or so people in the crowd, four or five sheepishly raised their hands. Then, when asked if those folks knew what was in their company’s security plan, only two raised their hands.

Two out of 40 people knew what their company’s security plan consisted of. At that point, one member of the audience said the people in attendance didn’t need to know what the company’s security plan needed to be.

Welcome to the vacuum. While the number of people that were unaware of what their company’s security program consisted of was shocking, the attitude that not everyone had to be aware of how to keep their company secure was devastating.

“That attitude is something we have to work on (in the industry),” Thomas Burke, president and executive director of the OPC Foundation and host of the workshop, said a few days after the event. “People have to adjust the way they think to ensure a secure environment.”

That attitude falls in line with a survey conducted by Oracle. That company found IT people, including those close to security, appear to have little awareness of key security issues that have an impact on their organizations.

The survey, which polled 430 members of the Oracle Application Users Group (OAUG), included directors and managers of information technology, developers and programmers, database and systems administrators, systems architects and analysts and professionals from the HR and financial functions.

About 22% of respondents claimed to be extensively involved in security functions, 60% claimed a limited or supporting role, and the rest said they were not involved with security at all. About 100 respondents belonged to companies with more than 10,000 employees.

What the survey showed was a surprising lack of awareness of security issues among the respondents.

Let’s face it: Cyber attacks are not infrequent events. Researchers at the Ponemon Institute found in their published research that the benchmark sample of 45 organizations experienced 50 discernible and successful cyber attacks per week, combined. That translates to an average of more than one successful attack per company per week.

With the industry losing over $20 billion in cyber and safety incidents per year, it just seems manufacturers should first come up with a security plan and consistently update it. Management should ensure all employees are aware of what the plan says and are able to help protect the enterprise.

Yes, ownership of a security plan has to come from the top on down, but everyone in the organization needs to buy in. It is imperative. Security needs to be a part of a manufacturer’s culture as much as safety already is. There is room for both.

Life and work are wonderful things, but everybody’s eyes need to be wide open.

Talk to me:
