laptop security blog

This profile is of a lovely lady. And being a professional blogger – making her living out of blogging – she stands out as well. Arieanna Schweber takes care of the Laptop Security blog on behalf of Absolute Software.

I first noticed her when I read some of the stories at her blog. They where to-the-point, relevant and obviously not targeting a very technical audience. This blog did stand out amongst the Security Bloggers.

Arieanna is a marketing consultant and professional blogger (blogaholics.ca). Background includes a bachelor of Business Administration from Simon Fraser University, and then she landed a marketing specialist job. There, she helped start a blog, and from then on – she was caught.

She says:

“After some months, I decided to pursue this area as my career. This was almost three years ago. Right now, I write a number of personal blogs, and also work with a new media network called b5media (b5media.com) where I am an Editor. I decide on strategy in my specific area (Entertainment), hire and train new writers, and work on building community. Currently I manage approximately 60 sites in this way. “

60 blogs. Wow. Fulltime work, no question!

She has become a known resource in the blogging field, giving speeches at conferences and also consulting.

A: “I help companies understand how to leverage blogs for community building, and what specifically to do. In some cases, I will take on a contract to write the blog. “

Arieanna came to blogging about security from a contract perspective. Through this work, she as developed an interest in the topic. This sounds like at least a few security pros I know!

A: “For me, it's about simplification. If I can't understand it, it is not accessible information. I think that this is one of the barriers to effective security policies. “

Oh yes, I see that point. Unfortunately, too many security pros use the complete opposite strategy – obscure, make things hard to understand, confuse. How do you go about?

A: “So, my aim is always to simplify. To remove language that is unnecessarily technical. To sum things up into bullet points, whenever possible. I want to make the information accessible to anyone, regardless of their backgrounds. It is not just IT Security professionals who need to know about security - people in all ranks of business, government or the education field need resources as well. To understand and make decisions, or to be responsible employees. “

But without a strong IT background, how will you succeed?

A: “I am not an expert in IT. I could never set up security for a company. My experience and my knowledge are not about the technical aspects of password security or encryption technology or anything of the sort. And I think, to most people, this information is not really needed. It is not actionable information. It does not provide an example of what to do, or what not to do, to be secure.

I also try to provide resources that are complimentary to security; for example, talking about education technology in general. Providing information on changing technologies and policies that affect educators.

Since Arieanna offers a different view and background, she may offer insights and points of view that we normally do not see in the Security world.

A: “I believe that information security is primarily a simple concept, made more difficult and convoluted than it needs to be. I believe that companies need to understand the threats, identify solutions, set up a simple policy, and enforce training. My key belief is that the security policy is one of the most valuable assets a company can develop. “

We can all fully agree with that. But are policies enough?

A: “Based on the reports of the past several months, it's clear that most data breaches are not caused by hackers or malicious attacks. They are caused by mistakes that could have been avoided. In many cases, data is not protected. Employees are not trained on the importance of protecting data, or how to do so. Data devices are not properly secured. Companies simply are not aware of what data they have, where it is, and who has access to it. This is dangerous, and can all be avoided. “

How can we go about to reduce or remove this ignorance?

A: “Unfortunately, what seems to come about is not just complacency, but confusion. Although there are some amazing IT & Security professionals, there are also many grey areas. Governments make mistakes - despite strong security departments & consulting firms. Areas are being overlooked. I think a lack of education is a part of this - but I believe that information is not as accessible as it should be to help companies shore up. “

So knowledge is important. How can we help educating the crowd?

A: “Businesses must be aware of many facets of IS, at all levels. C-levels need to understand its importance, to allocate resources. IT security must keep on top of its data as well as technology. Employees need to understand their role. And shareholders & stakeholders need to feel confident these things are taken care of. “

Can we have a bullet point list? J

A: Sure - companies must be aware of:

· being compliant with data breach / privacy laws

· identifying weaknesses, on an ongoing basis

· finding technical solutions

· universally implementing said solutions

· limiting collection of, and access to, confidential information

· tracking data & equipment

· training employees

I think the areas where companies seem to falter are: staying on top of new threats, universally applying security technology, and training. “

One of the challenges many security and CIOs have is how to get the attention from the management – to get the required attention and budgets. How can they get the required attention?

A: “Poor IS is dangerous. It can lead to data breaches, and significant fiscal loss in damages and in consumer confidence. I think the media is making it more and more clear that IS is not cutting it for many companies, and that the outcome is quite a costly one. IS will, and is, be given a higher priority, but I think that companies will continue to falter in certain areas. I think it will take many more data breaches to compel companies to tighten up the gaps in their policies.

In particular, when it comes to these issues and the Absolute blog, I try to write about the "people" component of security policies, to highlight the importance of not just technology, but also training. I see this as an overlooked area in IS. “

What makes training so important?

A: “In many cases, the technologies are simple. Encryption. Laptop recovery software. Things people can understand and do. But if not universally applied, and if not reinforced with employee training, much of this effort can go to waste. The products and services to make your data secure exist - Absolute Software being a provider of some of the solutions. These companies make things easy on the technology side. I guess it's my interest to back that up with other resources. “

Arieanna, all the Security profiles are asked this question: In your opinion, what are the three main challenges businesses meet regarding IS in 2007?

A: “

1. Securing off-site data devices. Knowing what information leaves the office, and on what device.
2. Training. Shoring up the "people" problem.
3. Limiting information. Companies need to cut back on the personal information they collect, where they store it, and who has access to it. But it is an issue that only scales with the size of the company, and will prove difficult for many. “

Thank you kindly, Arieanna! It has been a true pleasure.

You can contact Arieanna at these resources:

Arieanna Schweber
Arieanna@blogaholics.ca

The Laptop Security blog: http://blog.absolute.com