N+I: AusCERT wants to "Educate everybody"

Australian corporates have taken basic steps to address IT security, but better integration between security systems is still needed, says manager of independent security team AusCERT, Mark McPherson.

According to McPherson, many "complex" Australian IT-dependent organisations have implemented up-to-date security software and devised best-practice company security practices, but separate department systems still need to be synchronised to prevent security holes from emerging at jurisdictional boundaries.

The best way to locate and seal gaps in IT security systems was to conduct multi-tiered security audits, involving global policies as well as sub-policies customised to specific departments, McPherson said.

This "coverall" approach will be the subject of a keynote address delivered by McPherson at industry trade show N+I (NetWorld+Interop) in Sydney this week.

One key factor McPherson said would be addressed in the keynote was employee education.

"Education is a key element in any policy execution," he said. "Everyone from the janitor right up to the CEO" should be made aware of ongoing security procedures, he said.

Furthermore, employee education practices related to IT security needed to be continual, as new staff posed serious liabilities if they did not understand policies specific to the company or department.

McPherson warned against the perceived quick fix associated with conducting security audits internally. He said employees who were "too close to the product" when they conducted an audit often struggled to "see the wood for the trees" in a security system, despite their good intentions.

AusCERT recommends companies pay extra and receive the full benefits of an outsider's objectivity, he said.

AusCERT (Australian Computer Emergency Response Team) is an operational arm of the University of Queensland.


Talkback 1 comments

    Basically agree with the story ... Anonymous -- 24/05/04

    Basically agree with the story, But.....
    Unfortunately all us computer users have been conned by the Yanks, again. The TRUE STORY is that these systems will NEVER EVER be secured.

    Everything you always do regarding the security of PC based IT operating systems will always be reactionary, once you've been informed by either current events or companies such as Microsoft releasing patches, hopefully you can apply them before you get collateral damage.

    You see, to put it in a simple term, Mathematically, the systems cannot be secured.

    Microsoft and others knew this before they even sold a system, and so did CIA & others in US Government. They spent 30 years developing the INTERNET, before throwing it out as a lost cause, because they KNEW it can't be properly secured, EVER!!

    So they gave it over to the University boffins, who could see how to make enormous amounts of fast bucks, for themselves.

    US Government saw the advantages of having access to the files & personal information of every company & individual silly enough to use it, like me!
