The US Congress has designated October as a month to recognize the importance of computer and IT security, on Friday, Oct 7 (hopefully Congress will extend the month by an extra 7 days to give it a full month<g>). A non-profit group called the Cyber Security Industry Alliance has pushed this idea for the second year, and it seems like a good idea.
Security is one of those chores everyone acknowledges is critical - but it is difficult to spend a lot of time on because it doesn't make money, and doesn't get anybody ahead on their main tasks and schedules. Until something goes wrong, of course.
Among the challenges of building active alertness is a need for multiple messages. System shops and IT departments should maintain checklists of concerns and updates and procedures that assure the enterprise's capabilities are protected. But there's also a personal level of awareness required. Both levels impact the other.
While a lot of concern has been focused on hacking and computer break-ins, much of the threat - even to individual personal identity theft - comes from lax physical security to back-up tapes and other media, and to internal machines with less rigorous security. Watch out for pick-pockets as much as sophisticated online scam artists.
There doesn't seem to be anything specific happening - even in terms of announcement or simple awareness - here in Ohio. From a development perspective it might be smart to use the occasion as an excuse to draw attention Ohio's extensive investment and commitment to IT. May be something the Ohio's IT Alliance and its partners around the state could undertake - All good security plans have a strong local component.
Meanwhile, make sure your professionals are pursuing a rigorous program that protects corporate investment. At the personal level, check out sites - like Eight Cyber Security Tips and Microsoft's observance site - and the National Cyber Security Allince's Stay Safe Online.
Many colleges and universities, as well as corporations - also maintain "safe computing" sites for providing basic info, tools and answers to questions.
(-- originally posted by Rich Bowers, Coordinator, Ohio IT Clearinghouse)
