2.1 Terrorist attacks changed IT management practices

 < Day Day Up > 

In a survey of 100 name-brand organizations in the United States conducted for this book, 46 percent of the organizations reported that the terrorist attacks of September 2001 have not changed their IT management policies or practices at all. Another 17 percent was unsure if the attacks had led to changes in IT management practices. However, 36 percent reported that various types of changes have occurred in the way their organizations managed IT. Table 2.1 shows some of the comments made about how IT management practices were impacted by the terrorist attacks.

Table 2.1: How IT Management Practices Changed Because of Terrorist Attacks

Type of Change in Practices

Tighter intrusion procedures and greater checks on corporate travel.

We have tightened the firewall policies. We also look more closely at the firewall logs and reports.

Security and disaster recovery are taken more seriously. They are starting to get the attention they need.

Senior management has shown an increased interest in (and a willingness to spend money on) IT security.

Strengthened BCP and CSIRT practices.

More concerns over security. All policies were reviewed and rewritten where necessary.

IT security, physical, and personnel security measures have been strengthened and given greater emphasis.

Renewed emphasis on BCP/DR with executive mandate and direction.

Greater impetus toward physical security.

We have an ISO 17799 project actively working with a pre-assessment. We also participate in security roundtables facilitated by two local universities.

DR sites are at least 100 miles away from main facility.

Increased upper-management awareness.

It has given senior management a better view on security practices and it makes it easier to get a security project funded.

More emphasis on disaster recovery and business continuity. IS security training has been budgeted and approved by senior management. User interest is high and training attendance is mandatory. Policies and procedures have been updated or revised and employees trained.

DR became a priority.

Increased security and awareness.

Much more physical security on IS areas, computer rooms, etc.

Tightened security, decreased bureaucracy, better security training for all employees, lockdown of many systems to prevent any unauthorized software installation.

Yes, the disaster recovery plan has been given a higher priority.

More urgency in developing needed training and policies.

Has ramped up security awareness and preemptive measures substantially.

Enforced the use of computers for work-related items only.

More security in place and more monitoring of inappropriate data transfers. Corporate wide virus protection installed.

Heightened security awareness and caused procedures to be tightened.

Focused attention to review, enhance, and otherwise improve system security safeguards, policies, practices and procedures.

Greater regard for security policies (both physical and logical for information systems).

Survey respondents were also asked how the establishment of the DHS will change their IT management policies or practices. While 47 percent reported that the new department would not change any IT management practices, 39 percent did not know if the establishment of DHS would have any impact on IT management practices. Most of the remaining 14 percent commented that the presence of DHS would have a positive impact on their organizations' IT management practices. This lack of change and much of the uncertainty may be because DHS was still organizing to address its mission.

 < Day Day Up > 

Implementing Homeland Security for Enterprise IT
Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
EAN: 2147483647
Year: 2003
Pages: 248

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net