The Other Top Issues Facing Computer Security

Thursday, October 27, 2011

Dan Dieterle

B64e021126c832bb29ec9fa988155eaf

 

We have all been preached to incessantly about the top security issues. Make sure your systems are up to date with patches, your AV is updated, use long passwords, and on and on…

But what are some other top issues facing the IT security world that may not be as obvious?

A few are:

  • The Economy
  • Company Cutbacks
  • Staffing Issues

These three directly affect computer security. Let me explain why:

For several years now, companies – large and small, have been cutting back on staff. The changes are necessary, to keep competitive and to keep profit levels acceptable to those running the company. With the current recession though, these cutbacks have escalated to a deeper level.

Computer personal with numerous years of service with companies are no longer seen as an asset, but expensive overhead. Companies are downsizing and consolidating IT departments, so fewer people are required to support larger client bases.

Inexperienced people, sometimes just out of college are being used to replace veteran workers. And in some cases, temp agencies are being used to fill positions with workers of unverified backgrounds or even questionable foreign sources.

I was recently told by an IT director of a top US university that the current acceptable rate of IT support is 1 person per 300 users. He was very concerned about this.

What happens when several critical system go down in separate departments at the same time? What is that going to do to the stress levels of the support person? Will he be able to keep up on maintenance and security checks along with supporting the client base? Or will he be relegated to fighting fires and juggling priority downed systems?

Veteran computer personal are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers. Modern networks are a confusing compilation of mixed operating systems, a multitude of connectivity devices and in some cases, a multi-lingual/multi-national support base.

How quickly and efficiently can inexperienced support personal gain the level needed to properly support this technical environment? How dedicated will a temporary employee be when he knows that he will just be out the door in a few months anyways?

Was the temporary worker fully checked out by the hiring agency (especially for a secure environment and one could have foreign interests), or were they pushed through because they had a position that needed to be filled by the hiring company?

Unfortunately, there seems to be a disconnect between upper management and IT. Sometimes upper management doesn’t fully understand what the IT department is doing. When I was an executive at an engineering company a portion of my time was spent as a translator between the CEO and the Director of IT.

Cross-posted from Cyber Arms

Possibly Related Articles:
13351
Enterprise Security
Information Security
Enterprise Security Management Budgets Employment Information Technology Employees
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.