Security and data breaches are overwhelmingly due to human factors: mistakes, rants, retaliation for perceived slights… and so on. In the case of the latest WikiLeaks situation, a leak of more than 250,000 State Department cables, it’s interesting to note that this isn’t a hacking situation – it’s a leak by someone from the “inside.”
I once worked at a secured information center, while a member of the U.S. Army, and my position necessitated my possession of a Top Secret security clearance. While this is not a political column, aside from occasional discussion of organizational politics, I find it almost unimaginable that someone possessing training and trust would do something like this.
But, what lessons does the latest WikiLeaks dump hold for the local organization?- that is, yours?
First and foremost, recognize that content is a resource – further, it’s a protected resource. Just as you secure computers, laptops, printers, paper, furniture, and anything else, you must secure content. It’s a bit more nebulous than the strict securing of physical objects, but nonetheless you must do it. Further, you must do it in an evolving world of threat and breach.
In I.T. WARS, I discuss Content Management in very straightforward terms: For content – information, data – you must be able to: Get it; use it; re-use it; and get rid of it – within a secured system of access and control, and with a properly trained and performing staff.
In other words:
Getting It: Having appropriate access to data, and the ability to find what you need;
Using it: Conducting business with best information; also includes creation of data;
Re-using it: Repurposing information; creating new reports from data; satisfying new requirements, departments, people…;
Getting rid of it: Archiving or destructing information upon end of its active and/or useful life. Avoiding a “glut” of information and subsequent processing burden (both systems and people).
Protecting it: And to reinforce: Ensure that your entire organization’s staff, from titular head to temp, understands your Content Management, Acceptable Use, and all security/info-related policies. It should go without saying that appropriate passwords, protected system areas, physical content containers, etc., should be enacted and maintained…
Be careful out there.
November 29th: On this day in 1877 Thomas Edison demonstrates the hand-cranked phonograph.