
Intel's Layered Approach to Information Security & Risk Management

posted by Laurie Buczek on September 27, 2007

Malcolm Harkins, General Manager, Intel Risk Security, recently gave an inside look into Intel IT’s risk management philosophy during Intel IDF 2007 and spoke with Jason Lopez from Podtech.



For Intel, risk management is a balancing act between open access to data and lockdown. Security and controls increase cost and constrain the use of data and systems; however, information assets should be reasonably protected. The philosophy that leads Intel is: A reasonably protected digital environment is necessary for a strong digital future.

Intel takes a layered approach to security. The layers include:

• Policy: It has to be understandable, enforceable and appropriate. Once you know you need to do something and have said you need to do it, you have to march the company towards meeting those goals; otherwise it is negligent. Intel IT recognizes that you cannot make blanket policy statements without understanding your technology situation and capabilities.
• Training & Education: The security perimeter has shifted to people: the people who interact with the devices and who now give rise to most of the major privacy breaches, phishing and malicious code attacks. People also help to provide an early warning system.
• Technology & Testing: IT has to look at defense in depth. IT must drive key elements of validating the security controls and recognize that this needs to be done across your environment.
• Monitoring & Enforcement: This is what wraps everything together: continuous enforcement of the right behavior and the controls. Make compliance important and not optional.

Malcolm advocated for an IT paradigm shift for security: IT must look not only at technology areas but also at business processes. We could potentially enable controls in business processes that are better and less expensive than technology. IT should also embrace emerging technologies. While new initiatives bring the greatest risk exposures, they can also drive the largest business benefit.

Back in the early days of mobility, wireless was a challenge for IT security. We had different ubiquitous wireless access, which created rogue access points. Instead of spending resources to chase down the rogue access points, Intel IT decided to invest in solving the real business issue: providing ubiquitous wireless that is secure and enabling the wide adoption of wireless inside Intel. The key to successful risk management at Intel is a strategic partnership with our business groups.
