News
Making Security Work When Staffing is Tight
When you can't afford new hires, there are plenty of ways to give the people you have better security scruples. (Part One in a series: How to Manage Security in a Recession)
By Bill Brenner, Senior Editor
When a company must make do with a smaller security staff, increasing awareness among the larger workforce can be enough to make the difference, says Ernie Hayden, a principal at 443 Consulting and former CISO of the Port of Seattle.
"One of the best things an organization can do is take advantage of the entire workforce and make them all part of the security team," he says. Through training, education and continuous "rifle shot gorilla marketing techniques," a company can condition employees to be paranoid of e-mail attachments and URLs sent by strangers, or to be more cognizant of any trouble fellow employees may be up to.
Build a better team, be a better bossTo get the most out of existing personnel, it's important for the decision makers to keep would-be malcontents happy and show as much fairness as possible, says Joseph Guarino, CEO and senior consultant for Boston-based Evolutionary IT, which specializes in security tools and management.
The fields of psychology and management science have revealed the obvious, he says: less hierarchy and more employee empowerment makes for a happier workforce that in turn will be more willing to do what it takes to maintain security.
"Treating your employees like the most important asset you have makes it more likely that they will respond with outstanding results," he says. "The sting of the stick yields much less than the allure of the carrot."
Cut with care
A natural target for the budget cutters during a recession is the discretionary spending, whether it's for those free pastries in the office kitchen or the employee seminars, education and team building programs. When the money supply runs dry, it's understandable if the free snacks have to go away. But slice too deeply and employee morale will tank, says Richard Parry, head of global security for Novartis Institutes for BioMedical Research in Cambridge, Mass.
Low morale leads to higher employee turnover, and in a recession those who leave are often not replaced.
"While these items can be seen as the low-hanging fruit, focusing too heavily on these types of cuts can lead to loss of morale, which can have longer and more severe effects on the company," he says. "Not only do you have higher staff turnover in that environment, but you make the company less attractive to prospective employees."
To help keep morale high and turnover low, Parry tries to ensure that there are still opportunities for the professional development seminars, certification classes, and the like.
Recession
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
