So I just finished doing some mandatory e-learning for a new project I am working on for a large enterprise. (Seriously just finished… I’m writing this in notepad) The topic was Information Security and it was honestly really interesting… as I did it I could not stop thinking about how Enterprise 2.0 will tackle the issues of securing an organization’s information.
These concerns will have to be addressed for wide adoption of social software on the Enterprise; I’m not going to even get into Software as a Service (SaaS) because honestly that is a whole other conversation.
Large corporations need to keep their information secure to earn and maintain the trust of customers, regulators and business partners.
The issue, though, is that information needs to be available and easy to access when it is needed. As a third stage Guild Navigator says, “the spice must flow” :-P
A company’s employees, customers, and business associates frequently use information on the enterprise to conduct their business. If access to relevant information and systems were interrupted, they would be unable to conduct their business properly.
I once talked to a team that was working on an extranet for an institution’s board of directors. So while this was a simple information-sharing extranet, they had INSANE security requirements. Each board member had to remember 3 unique login credentials: one for access to the network, one for the extranet, and one for the document level security on the encrypted files.
So the problem was that this information was extremely sensitive and needed to be protected, but board members had difficulty using the system because they had to remember three sets of login information and it was not like they were accessing the extranet every day. The board members said that the system was too hard to use, so the team had to address this while ensuring that the corporation’s information remained secret. We went through many scenarios and technologies to try to solve this difficult problem and I left before the project really went anywhere.
Making sensitive information available while at the same time protecting it from unauthorized access and inappropriate disclosure is, of course, a delicate balancing act. The basic idea is to give authorized individuals access to the premises, systems and information they need, while keeping the unauthorized people out. These are difficult issues, and ones that the enterprise 2.0 community will deal with soon, but it will be a rough ride. I’m looking at you, Vista ;-) which isn’t really enterprise 2.0 but an upcoming thorn in my side.
—
Oh I found this in my training and I found it kinda funny in a Lord Nikon, Angelina Jolie kinda way.
From Social Software to Social Engineering
Social engineering – what is it?
Social engineering is the process of getting sensitive information, such as passwords, access rights and other sensitive information, by tricking employees.
Social engineers will use many different ways to get sensitive information from you. The best way to defend against social engineering is to ensure that you can recognize potential threats when they are happening and know how to deal with them.