Bart Perkins was a guest speaker for our CECS 566 class and he talked about Privacy and Security in the Corporation. He started the discussion by first telling some background history about hacking. He told us that the first hack was done in 1982 and was done through the phone lines. A very good article that has some history about hacking is here:
http://www.symantec.com/enterprise/security_response/weblog/2007/07/the_80s_scene.html
This article discusses some of the earlier hacking groups such as the 414, worms, and viruses.
But, after giving a brief history about hacking, he began to talk about costs. Everything costs money in the world, but he specifically talked about how much IT costs in the business world. Direct costs and indirect costs affect businesses in different ways. Much of how secure information needs to be depends on the nature of the information. One interesting issue Bart Perkins discussed was how to make your boss understand why they need to spend money on technology. After a few minutes of the class giving various techniques to make their bosses understand, he boiled it down to the need to make a business plan.
He also gave interesting statistics about the percentage of the IT budget that actually gets spent on security. Sadly, that number was a mean of 7.8%. That being said, he then said that the number one cost of IT was antivirus and spyware software. The one aspect of this that I didn’t quite understand was this: isn’t antivirus and spyware software a security cost? Is it not the goal of anti-virus software to prevent hackers from destroying and manipulating your data? In a way I am not really sure where he got the 7.8%, but I would have liked to ask where he got that number from and exactly what security cost means.
Next, Bart talked about what the biggest IT threat to the company was. Sadly, and truly enough, he said that the answer was the employees. This, I can believe. Employees are the biggest threat and mostly due to their lack of knowledge. From an employee’s perspective, sure, they are going to open that email that has the really catchy subject from a random sender. And yes, they are going to take home laptops that contain the personal data of all the employees. The human problem with IT is a very expensive problem.
Lastly, he talked about ways to reduce costs and various metrics to watch a company. He suggested reducing cost by outsourcing. Although terrible for the employees, it does save money for the company.
Overall, I thought that Bart had very interesting comments to say about IT and security in the corporate world. One thing that I didn’t enjoy very much was that he seemed to be all about the company. He was somewhat of a company man if you get my gist. Good for the company, not always so good for the employee.