Internal Security: Rules and Risks

By Paul Sholtz

On February 4, 2001, antiglobalization activists
mailed a Swiss newspaper a CD-ROM that listed
the names of 27,000
attendees of the 2001 World Economic Forum in Davos,
Switzerland. It also held 1400 credit card numbers, as
well as spreadsheets detailing travel schedules, hotel
accommodations, session payments, and Web passwords
for 3200 participants. Among those mentioned were Bill
Gates, former Yahoo CEO Tim Koogle, Madeleine
Albright, and Israeli foreign minister Shimon Peres.
In all, over 161MB of personally identifying
information was burned onto the CD-ROM--all of it
stolen from the Forum's Web site and intranet.

While your company may not need to protect the
personal information of the most powerful people on
the planet, you should be no less concerned about
keeping sensitive information private. Your intranet
holds employee records, customer and partner data,
financial information, and proprietary engineering
documents; and it's your responsibility to protect it
all. Even having a basic security policy combined with
the right set of tools and technologies can
substantially reduce the risk of a serious security
incident occurring on your watch.

Risk Management for the Intranet

Intranet security involves an ongoing process of
assessing and managing the risks that face your
information systems. To be effective, your security
strategy should incorporate the needs of employees and
partners, and define the policy and technology you'll
use. While your intranet can never be completely
secure against all threats, there are several steps
you can take to substantially reduce the risks.