July 2007

Issue 41


 Feature Story

Keep Your Job in the Changing Face of IT Security

The risky business of regulations, security breaches and politics

by Meryl K. Evans, Editor, The Remediator Security Digest

With the growing trends of more complex and restrictive government regulations and laws, businesses are turning more toward legal counsel to provide information security guidance in addition to the technology experts. The modern CIO/CSO has to have his or her feet planted firmly in the law as much as or more so than in the technology that is used to provide control over and security of critical information assets.


 

 Editorial Corner

Keep your job and your CEO/CIO out of jail

The complexity of the rules and regulations organizations must comply with requires IT security executives to think like lawyers. More companies aren't in compliance than you think. What would happen if your organization gets caught? This issue's feature article provides the inside story on how compliance, audits and contracts can affect everyone's job.

On the security front, you may receive an email that says, "I'm typing this from John Doe's computer. He didn't lock it down when he walked away." Embarrassing for John Doe, isn't it? To make sure this rarely happens in your organization on your watch, read the advice from readers.

"Do as I say, not as I do" isn't something you want to hear from an IT security employee or manager. A reader asks how to deal with IT staff members who don't follow security policies. Do you leave them alone or solve the problem another way?

Thanks for your feedback, questions and suggestions. Some readers have asked about topics we covered in earlier issues. You are welcome to check out the newsletter archives. And as a thank you for filling out the feedback form, we'll enter your name into a drawing for a TomTom GO 910 Portable Navigation System.

Best,

Meryl K. Evans
Editor, The Remediator Security Digest

 

 Reader Survey

“The Academy” is a Web site supporting the security community with video-based instruction on how to install, configure and troubleshoot some of today's most popular security technologies. Visit the site at: www.theacademy.ca
 

 Spotlight

President and CEO Mark Shavlik's Computer Security Blog

 

Partners

Shavlik drives patch management solutions for these companies:


 

 Resources

Shavlik Forums

PatchManagement.org

ISSA

SANS

Computer Security Institute
 


 Security Resources

Trust No One

Making the right patching decisions

by Mark Shavlik, President and CEO, Shavlik Technologies, LLC


 

 Announcement

Shavlik NetChk Protect

Shavlik NetChk Protect provides integrated patch management and application control. The solution offers a simpler, more automated approach to enterprise vulnerability management, while at the same time addressing the needs of the larger enterprise with features such as support for highly distributed environments, flexible deployment options, rich reporting capability, and up-to-the-minute assessment data.



 

 What's Your Best Advice?

Last Issue's Security Dilemma:

How do I deal with "Just a quick trip away from the desk" users?

Sometimes, our users create undue risk. For example, leaving their login session open while going to the printer to grab a printout, they get distracted and end up away from their desk talking with a coworker for half an hour.

In a situation like this, it's too easy for another person to sneak onto their computers and do something inappropriate. While many people within the organization regularly lock their stations, some forget. I'm concerned about the risk this poses to the network.

Should I make changes to the network so it automatically logs off users after five minutes of inactivity, or just issue another reminder about the importance of security?

— Barbara, Manager

Read the best advice from readers of The Remediator Digest
 


This Issue's Security Dilemma:

What if the top dog ignores written security policies?

The top-level administrator in our organization is the worst offender of ignoring written policies and best practices. He is defensive when I ask him to comply. I imagine this is an issue for many IT departments. Should I talk to the CSO, who controls the security policy, keep reminding him of our policies or take other steps to ensure he complies?

— Policy Keeper

Can You Help? Share your experience. You could win a 256 MB MP3 Player.

 

 The Pointy-Haired Boss

Know how to get what you need:

Time Management Is Not about Checklists and Quadrants

It's about your boss
by Vince Thompson - InformIT

 

How to Deal with a Nightmare Boss

Come out on top no matter what the boss does
by K. Stone - Lifehack.org

 

 Stayin' The Alpha Dog

Take charge of your career:

How to Handle Customer Mistakes with Tact

Cussing is not a good way to go
by Calvin Sun - TechRepublic

 

Get the Scoop on What CIOs Want in Employees

Tech skills rule, but business skills are becoming higher in demand
by Allen Bernard - bITa Planet

 

 In Your Down Time

For a well-deserved breather:

Star Wars Turns 30

Pick up some trivia tidbits
from BBC News

 

14 Great Multimedia Utilities

Record and edit sound, video and other multimedia files
by Preston Gralla - PC World

 

Sponsored by Shavlik Technologies
Copyright © 2007 InternetVIZ, LLC. All rights reserved.