Staff training is vital for security

Staff disabling virus protection and not bothering to change their passwords are security threats too great to let slide, according to one leading international chief information officer. Security researchers have warned that chief information officers are likely to see more and more blended security threats within the next couple of years. Recent research released by the Computer Security Institute (CSI) in the US has also found that losses could include theft of proprietary information and financial fraud. The threat from employees taking a lax attitude to IT security exposes businesses to too much risk to be ignored, argues PeopleSoft chief information officer David Thompson, in Sydney at the vendor's leadership summit this week. Thompson has set up what he refers to as 'Operation Barbed Wire', designed to move the company into an internal environment which has a mentality of security. He said it's as simple as educating users to lock their PC when they walk away from it. "It's training people about security so they can be part of the process," Thompson said. He believes that IT departments have to be good at internal marketing, and has been putting up posters around the company's buildings to educate staff about issues such as having strong voicemail passwords. "Chief information officers should be thinking about that and educating staff members," he said. Although Thompson admits that chief information officers can't always think of everything, it's part of their role to look out for the best interests of the company they work for. He said that the demands on a chief information officer can be very intense, particularly as the pace of business increases. Thompson sees recent events, such as 11 September, as having led to chief information officers now having a more prominent role and power within organisations. Thompson has worked at PeopleSoft since 1995, and was involved in the company's consulting services before moving to his current role of chief information officer and senior vice president. He admits that when he was a consultant working in the field he was a pretty vocal critic of the company's internal IT department. Since becoming chief information officer Thompson said he's tried to insert his experience and tracks time, cost and resources for internal projects in the same way as he would as a consultant. "I run IT as a business," he said. However, Thompson said that working for a tech organisation also means that everyone has ideas of what should be done. "I have a lot of people who want to put their fingers in the pie," he said. Yet Thompson said that the feedback can also be a benefit. He has also set up a new dual track programme, with the help of the company's HR department, to provide career development for staff within its IT department. Thompson said part of this had been to identify what he called company-makers -- people who if they left it would impact the company -- because of the value they brought to projects, ideas, and going beyond the call of their role. "People over time can get stagnant and bored," he said. "These types of programs help us address that."

---