CIO Interact 2004

By Dr. Myron L. Cramer

This presentation was given to the CIO Interact 2004 Risk Management Round Table
Blair County Convention Center, Altoona, Pennsylvania

March 28 - 29, 2004

Discussion Topic

How do you strike the balance between the drive, drive, drive to get things done in IT Departments and the need to safeguard systems and applications?


The concern expressed in this discussion topic rests upon the false premise that security impedes IT functions.

Examples where people encounter security are in areas such as the following:

  • User: Accounts, passwords, and privileges
  • Workstations: standardized baselines, operating systems, core applications
  • Network: Hook-ups, LANs, WANs
  • Servers: Hosts, corporate services
  • Firewalls: filters, proxies, remote access
  • Security adds no value to the IT business proposition
  • Security is separate from IT capabilities
  • Protecting services does not add value

Today's Environment

When we examine today's IT and threat environment, we find the following:

  • Viruses & Worms: Mass mailing, Trojans, Distributed Denial of Service, Data Base Injections
  • Patches: Windows Critical Updates
  • Internet Fraud: Scams, Impersonation
  • Information Theft
  • SPAM
  • Network Congestion
  • System Outages


How much can IT really get done without security to protect against these issues?