ASQ - Team and Workplace Excellence Forum


Online Edition - April 2002

---

Issue Highlight — Business as Usual
- Peter Block has been thinking about all the talk about getting back to business as usual and wonders whether business as unusual might not be better for the nation.


What’s Up?
A Quick Review of Issues Involving People at Work

In the last issue of NFC, John Guaspari talked about the importance for teams, facilitators, and managers of team programs to find ways of working with their marketing and public relations folks to help “sell” teams and team benefits to others in their enterprise.

While surfing the Internet looking for the latest technology news and how it might affect those involved with teams and quality, we found the Human Firewall (www.humanfirewall.org).

The Human Firewall is an organization that—hold your breath and wait for the drum roll—wants everyone to know that people are as important to information security as is technology; perhaps, even more important.

So, we have included part of its manifesto here and the comments of some of its members to give you what we feel are some valuable resources and arguments that may not only make life easier with your IT department, but can also serve as a great introduction for you to show them how you can help make their life easier and improve the firm’s information security profile.

The Human Firewall, People, and Participation: An Excerpt From the Human Firewall Manifesto

“Technology alone can’t solve the challenges of information security. Management of organizations, in particular, has tended to view information security as a technical problem confined to the Information Technology (IT) department. But to be genuinely effective, information security needs to become part of the way everyone conducts his or her daily business, from the CEO at the top on through the entire organization.

“A Human Firewall is not intended as a replacement for a traditional technology firewall since both are necessary to protect information assets. Rather, we must regard information security as simultaneously a people issue, a technology issue, and a management issue. The Human Firewall is simply a shorthand term referring to the people issues of information security that deserve more attention than we have given them in the past.

“According to Human Firewall Council Members, it’s time we all acknowledged a more holistic and progressive view of information security that incorporates the human element that is so important to our success in protecting vital information assets.”

© HumanFirewall.Org 2001

Comments posted by signers of the manifesto at the Human Firewall Web site
(total signatures: 310)

Linda L. Bender
Information Analyst
CITGO Petroleum Corporation
United States
Comments: People will perform when they are involved and are aware of the impact that they
personally make.

Scott Lowe
CEO/CTO
Mercurion Systems
Comments: It’s about time that we all realize that people, education, and knowledge are just as powerful as technology—if not more so—in the pursuit of better security.

Rich S. Sheiman
President
InfoScreen, Inc.
Comments: As a competitive intelligence (CI) firm, we understand the psychology of careless human disclosure. Humans are social animals. We like to talk; we seek the praise of others. Most information loss is inadvertent and indirect in its path to those who exploit it for competitive advantage. This is all very intuitive, and yet most corporations rest the security of their intellectual property squarely on the shoulders of MIS. In today’s complex market environment, corporations need a task force approach to their information security efforts that involves MIS as well as legal, human resources, physical security, document control, and other functions. Most importantly, employees must appreciate that information is an asset and be trained to support their company’s information security objectives. Fancy firewalls are of little value if people don’t participate in the security process.

Gary G. Swindon
President and CEO
G. Swindon Consulting
Comments: It is no accident that the premier security organizations, regardless of country, begin and end the security chain with people.

Dr. E. Douglas Harris
Associate Dean
The University of Texas at Dallas
Comments: Thanks for this opportunity to understand how to make a difference.

Rodney G. Denno
Principal Consultant
Secure Open Systems Inc.
Canada
Comments: Human Firewall neatly captures how organizations should mobilize and utilize their human resources.

Laura Taylor
Founder
Relevant Technologies
United States
Comments: Protection of critical information systems and private data begins with humans.

Mehmood Lodhi
Support Specialist
Expert Systems Pvt. Ltd.
Pakistan
Comments: Information security depends on people’s awareness to the subject and human firewall is doing great about this.

Jeron Jeon
Information Security Specialist
HMtech
Republic of Korea
Comments: Among people, process, and technology, people are the fundamental building blocks of information security.

Peter Wenham
Senior Security Consultant
QinetiQ Ltd.
United Kingdom
Comments: People are all too often the forgotten but oh so vital ingredient of security.

Dr. Keith Blacker
Consultant
Risk Focus Ltd.
United Kingdom
Comments: An excellent idea. Making staff (at all levels) more risk aware is the key, no more so than in the area of IT security where a little knowledge can be a very dangerous thing.

Matthew I. Hackling
Security Consultant
Alphawest 6
Australia
Comments: Human Firewall = A Fantastic Endeavor! After having wide exposure to security in physical, electronic, and computer security, I can thoroughly agree that security is developed by:
1. People (make and enforce policy)
2. Policy
3. Procedure (based on policy)
4. Technology (based on procedures)
We must address the level of information security skill and education in the general community or we will have the same problems again and again (RTM Internet worm, Code Red, Nimbda, I Love You, etc.).

Rey R. Dellosa
Information Technology Manager
NMIPhilippines
Comments: Human firewall is the great step for practicing information security not only inside your company but also to the outside world. If we just embrace the idea, we will be having a clearer perspective to what IT security is all about.

Mike Vangelos
Information Security Officer
Federal Reserve Bank of Cleveland
United States
Comments: The world could use an increase in awareness that information security is not strictly an IT issue. Technical solutions to security problems are important, but are rarely effective without strong security awareness. This looks like a great initiative.

Marcos E. Rodriguez
President and CEO
MANTICORE Inc.
United States
Comments: It is high past time that we place reliance on humans rather than blind faith in technology. Technology evolves by the second. In a short time, information technology will not only be a career, but will have to be common knowledge. Let’s share our resources to create a more secure technological world.

Return to top

April 2002 News for a Change Homepage

 In This Issue...
We Said Teams Are Awesome— in Las Vegas, They Proved It!
Heroes Wear Scrubs Too
Upcoming AQP Courses at a Glance...
Bringing Corporate Philosophy Alive
An Open Invitation to a New Conversation
What Do You Mean by Participation?
Tools for Teams: The TetraMap®
Something Shifted

What’s Up?


 Features...
Peter Block Column



Return to NFC Index

  • Print this page
  • Save this page

Average Rating

Rating

Out of 0 Ratings
Rate this item

View comments
Add comments
Comments FAQ

ASQ News