Targets of Opportunity: Information Security: The Human Factor.

• Author: Pemberton, J. Michael
• Position: Video Review

TITLE: Targets of Opportunity: Information Security: The Human Factor

PRODUCER: Commonwealth Films, Inc.

LENGTH: 26 minutes

PRICE: $695 from Commonwealth Films; $637 for ARMA members buying from ARMA

MEDIA: Available in CD-ROM, VHS, PAL, Secam

SOURCES: Commonwealth Films Inc. (617-262-5634; www.commonwealthfilms.com)

In today's competitive business climate, every competent information manager knows that security of all the organization's information assets has become a critical responsibility. Targets of Opportunity is a vivid exposition of how easily a company's information resources -- digital and hardcopy -- can be compromised. After learning that copies of a sensitive fax transmission have been sent to incorrect locations, and with some remaining unaccounted for, the executive vice president of a large company orders a thorough investigation of all the company's information and computer security. Hired by the VP for Information Systems, John Scanlon, an information security consultant, roams -- virtually unchallenged -- through the facilities of Intertrack Corporation as he tests the company's information security environment.

Scanlon teaches viewers a great deal about problem areas in information security. Several important issues come under the heading of general security precautions. These include

* being aware of others around and their actions; not hesitating to question unescorted visitors; recognizing that those in business attire or a technical services uniform of some kind can seem to fit in, especially if they behave with confidence

* not leaving data on portable media (e.g., floppies, zip discs) that can easily and quickly be picked up and pocketed

* never leaving passwords or access numbers in plain sight or under telephones or desk blotters.

Other information security areas addressed include

* Internet use

* access control

* e-mail security

* paper records (e.g., remote printers, faxes, files)

Participation in the Internet's growing online list services has lulled many into a false sense of intimacy with their virtual communities. If proprietary information is posted to one of these groups, it is as good as published to anyone who wants to look for it. Along with everyone else, competitors, investigative reporters, regulators, and attorneys for adversaries can read what is posted, so remembering not to post sensitive or proprietary information is more critical than ever.

Maintaining access control requires a variety of...