Illegal Activity and Network Protection

Human behavior is inherently risky. In this entry, I want to explore two types of behavioral risk to the organization — operational risk and reputational risk — and to argue that illegal behavior is a reputational risk that is inconsistently regulated.

In a Government Executive piece a couple months ago, Jill Aitoro reported on a survey of federal IT workers that revealed employees using government computers and networks sometimes fail to follow policy and thereby endanger information security. Certainly, this is no surprise. In fact, I question the study's results because only 56 percent of 474 survey respondents reported having observed security violations. If anything, this suggests that 44 percent of the respondents were simply unaware of the security policy.