fellow, Cutter Consortium

The interconnectedness of our increasingly electronic economy poses business and security risks that together mandate new consciousness for responsible computing, asserts the Cutter Consortium Business Technology Council.

In the latest Cutter Consortium Business Technology Trends and Impacts Opinion, Cutter Consortium Fellows Lynne Ellyn, Ken Orr, Tim Lister, Peter O’Farrell, and Senior Consultant William Zucker discuss strategies for more responsible computing.

According to the Council, today’s hyperconnected world, cyberterror threats, fears of fostering a hostile work environment, and the growing presence of children in the cyberworld are defining “responsible computing.” Companies must understand that the corporate perimeter dissolved with the very first Internet connection. Lynne Ellyn>TextAccording to Lynne Ellyn, the lead author of the Opinion, “Companies must understand that the corporate perimeter dissolved with the very first Internet connection. Every business-to-business supply chain connection, every Internet storefront, every reverse auction that a company puts into operation opens the corporation’s virtual doors. Once connected to the World Wide Web or the Internet, a company actively occupies a virtual space that is peopled with competitors, terrorists, children, environmentalists, lawyers — every segment of society — or, actually, every segment of nearly every society on earth.

“Responsible computing strategies account for intended and unintended interactions with such communities. Responsible computing anticipates the potential for corporate computing assets to inflict harm on other companies or individuals. Responsible computing strategies create the framework for security policies and the definition of security architecture and set forth the corporate intention of a responsible computing culture.”

The Cutter Consortium Trends Council suggests some actions to consider as part of a responsible computing strategy:

Establish strong identity management for access to the network. The best identity management includes three things: (1) something you know(passwords); (2) something you have (smart cards); and (3) something you are (biometrics). At a minimum, you should require at least two of these things.

Password management and administration must be strictly controlled. Outsource this to a foreign country or an outside entity, at your peril.

Manage security patching aggressively.

Strive for a process that allows all desktops to be patched in two days or less.

Divide your network into subnets with firewalls in between.

Carefully control traffic through the firewalls.

Don’t rely on firewalls as the primary protection. They are necessary but insufficient as a means of protecting your company.

Manage all outbound traffic as aggressively as you manage all inbound traffic.

Conduct regular network vulnerability assessments with appropriate security companies.

Eliminate modems.

Secure all wireless networks.

Deploy intrusion protection devices and methods.

Deploy thin-client devices wherever possible; they aren’t vulnerable to infections.

Carefully manage all interfaces between your company and others. Protect yourself and your partners. Every contract should specify mutual security practices. Allow no connections to companies with sloppy security practices.

Inspect the software development practices of software vendors to determine their methods to control the insertion of back doors in their products.

Require the disclosure of all known back doors.

Develop a comprehensive, responsible computing policy and communicate this policy to every employee. Develop methods to enforce the policy.

Regularly review security scenarios and establish an emergency response plan.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now