Monday, 7 January 2008

Two good articles on security: user behaviour and balancing risk

Happy New Year! This seems a good opportunity to mention two good articles I read last year, but didn’t blog on at the time.

Firstly, Network World ran an article by Michael Osterman in June based on a survey of user behaviour. It’s short and to the point, but contains useful gems like the fact that 71% of users check work-related email from home on their own computer. Certainly confirms for me that we’re on the right lines to put our ILP protection on the email server, not on the desktop – if you’ve got server-based protection, you’re covered regardless of which PC is used.

Then this article in APC magazine contains some interesting views from Microsoft on why the security threat is often “overblown”, and how you need to balance the cost of a security measure against the perceived risk and the cost of any security problems that may arise. It’s common sense really, but worth remembering, and I’d add the point that you need to think about how long a solution may take before it’s up and running effectively; sometimes the simple and fast solutions are the best.

No comments: