Accepting the best defense

weekly roundup The annual International Monetary Fund-World Bank conference finally kicked off in Singapore this week after months of preparation by the authorities, which had included urging citizens in the island-state to welcome the 16,000 visiting delegates from 184 countries, with a smile.

weekly roundup The annual International Monetary Fund-World Bank conference finally kicked off in Singapore this week after months of preparation by the authorities, which had included urging citizens in the island-state to welcome the 16,000 visiting delegates from 184 countries, with a smile.

To deter and protect against terrorist acts during the World Bank meetings, the Singapore government--along with its police and security forces--mobilized some 10,000 soldiers and police officers, and blocked off main roads and access to the convention center. The security measures are so extensive that a foreign press described the country as a "well-functioning police state".

In a post-Sept. 11 environment, the added precaution--however severe--may indeed be necessary to ensure the global meetings are able to proceed without a hitch. But, like any IT security strategy, the level of user acceptance should not be neglected when security policies and measures are considered and implemented.

For instance, the road closures and limited access to the convention center have discouraged people from visiting the shopping malls located at, and near, the venue--so much so that retailers there have reported a dip of between 40 percent and 70 percent in earnings.

In fact, one access route left open to motorists who work within the central business district (CBD) requires them to exit the CBD, only to re-enter it again by paying another road toll (in operation during peak hours) in order to get to the shopping mall where the conference is held. Shouldn't the authorities have decommissioned this particular road toll during the week of the World Bank meetings, especially since it is one of the few routes left open for motorists?

This oversight once again underscores the importance of user acceptance when businesses think about an IT security strategy. We've heard often enough that the most stringent of security measures may best safeguard the company's network and data, but may be too inconvenient and require too much effort for users to want to follow--thus, rendering the security measures useless.

After all, what's the point of requiring your user to key in multiple passwords to access the corporate network, when he'll have to write them down just to remember them all?

In other news this week, find out why another top-level executive from Hewlett-Packard is on her way out, and what Microsoft has released for the next version of Office. Also, learn what happens if one persists in pushing bootleg software and why your next spam message may compel you to buy things you don't really need.