Nationally the dialog centers on the question: “Are Americans safer today from terrorist threats because of our actions in Iraq and Afghanistan?” Especially after all the blood that’s been spilled and all the money that continues to be spent.
Polls such as from the Washington Post-ABC folks or CBS tend to show this summer that a majority of Americans believe the war in Iraq has not contributed to the long-term security of the United States. A larger majority expects a terrorist attack on the U.S. in “the next few months.”
POLLS MEASURE PERCEPTIONNo doubt, these polls really measure perception and not reality. Measured is the feelings of Americans and their believes; most Americans do not have the facts and figures available to government, intelligence and national law enforcement officials. And, hold on to your partisan hat, when you throw in politics, even the facts and figures can take a dizzying spin.
So what does all this have to do with enterprise security; you know, the prox card, dome camera in the parking lot, ID badging, security guard says hello world you live in?
Perception. Reality. And politics. That’s what.If people (employees, CEOs, contractors, visitors) have the perception they are unsafe then, no matter the budget, crime stats, policies, procedures, technologies or communications, there is a security problem. Reality tends to be an argument and not a state of mind. There’s also organizational politics. No left or right, but office politics often revolves around territory, power, budgets and the attention of the boss.
During interviews with some of the Security 500 executives, this month’s cover article, there are tipping points in addition to perception, reality and politics. Two important ones: privacy and convenience. Organizations are discovering there may be a very high cost after incidents of privacy invasion. At the same time, chief security officers at some operations are discovering that there is a danger when security becomes too inconvenient.
For example, the recent data loss incidents at the Department of Veterans Affairs (VA) have led Congress to take aim at forcing security organizational changes and process improvements at the VA and other federal departments and agencies, according to a report released by INPUT. Last month’s Security Magazine News & Analysis covered this issue. “The root cause of these incidents, and the root cause of most of the security problems facing the federal government on a fairly consistent basis for the last decade or longer, is culture,” Bruce Brody at INPUT told the Zalud Report.
LEGISLATION ADDRESES THREATSCurrent efforts to improve information security that are expected to play out in the coming months include legislation expected to affect changes in the VA’s organization and FISMA (Federal Information Security Management Act). Legislation has been introduced to elevate the position of the VA Chief Information Officer (CIO) to an under secretary and to modify FISMA to clarify the enforcement authority of the CIO. From the time FISMA legislation is passed, the CIO at decentralized departments and agencies will no longer be able to simply issue policies, but will also be tasked with enforcing those policies by holding people accountable for violating them.
Concerning the issue of convenience of security measures, the recent transatlantic airline terror plot proves the point. A CBS poll of Americans shows that 75 percent believe a ban on liquids and gels is “necessary.” But hardly any want a ban on those gosh-awful wheeled carts; and don’t touch our cell phones, laptops and iPods.