Know Your Enemy

 

Contrary to what most project managers may think, Internet security isn't the sole responsibility of the IT staff. Security isn't a just a technology problem: You can't simply throw inexpensive firewalls and anti-virus software at the problem and hope that everything will turn out for the better. Effective security requires a comprehensive, holistic policy that touches every single part of your organization and correctly addresses the challenges, opportunities and threats of the Internet economy.

Ineffective or non-existent security policies cost Fortune 1000 companies $45 billion (U.S.) in losses due to theft of proprietary information in 1999, according to the American Society for Industrial Security (ASIS) and PricewaterhoouseCoopers. A March 2001 survey by the Computer Security Institute (CSI) and the FBI found that 85 percent of U.S. corporations, government agencies and financial institutions experienced computer security attacks in the previous 12 months. In the same survey, 35 percent reported combined losses of more than $377 million as a result of these attacks. In the 2000 edition of the CSI/FBI survey, the losses from 249 respondents totaled $265.5 million and the average total loss between 1997 and 1999 was $120 million.

"Okay, I understand that security is important, but I'm only a project manager. Where do I fit into all this?" you say. As a project manager, …

Please log in or sign up below to read the rest of the article.