The term 'security policy' used to mean different things to different people. For the facilities management department, it covers physical access points and teaching staff to lock office doors and file cabinets before leaving for the night. For the IT manager, it means keeping up to date with the latest patches and ensuring that users can only access the applications and data that they are allowed to. However, this situation is changing with IT and physical security being managed together. Although they come from separate disciplines, what these two areas have in common is policy.

Managing the Increasing Vulnerability of a Decentralized Workforce More and more companies today are enabling employees and partners to work remotely, accessing networks, data and applications from just about anywhere to be productive. Being productive is good. Behaving less responsibly is not. I was reading that Cisco Systems commissioned a survey to examine the security behavior of remote workers, and I found some of the findings startling -- here's a few that stood out for me:

Users from temporary staff all the way up to the corner office complain about ‘drowning in security.' Why does it take four more passwords to open an email at work in some cases than to check a bank balance via the home PC? The things that make a car safe - airbags, safety glass, crumple zones, etc. - are not obvious to the driver. What lessons can we adopt from hidden security measures to make security less of a drag on employee performance?

The merger between RxHub and SureScripts has garnered extensive coverage - here,here and here, among others. This is a huge step forward for standardizing on, and speeding the adoption of, electronic prescriptions. It is significant progress, and the latest of many advancements the healthcare sector is driving forward. There is one area of the electronic prescriptions story though that is missing from all of the stories around the RxHub/SureScripts merger, though it's an important piece of the equation - authenticating that the prescription drug order is legitimate, and truly from an approved physician. Electronic transactions are easier and quicker, sure, but so is the potential for misuse and fraud.

I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:

There's a lot of news and opinions on the web as the blogosphere continues to grow. As a result, the web can be overwhelming on one hand and full of wonder on the other as you sort and click through the rabbit hole of conversations on the other side. In light of this, I thought I would provide a short list of great blogs and resources that I follow from the identity management circles that are worth checking out and engaging with: