The interconnected nature of the knowledge economy demands the development of pragmatic processes to address pressing security issues in today’s competitive and sometimes exposed environment. The Center for Advancing Business Through Information Technology (CABIT) at the W. P. Carey School of Business recently assembled information technology leaders to exchange knowledge of these security issues and to share experiences with the tools required to better protect organizations. At CABIT's Third Annual Security Symposium, presenters showcased the pioneering ideas and insights that are sustaining the development of the knowledge economy. Topics included policy frameworks, best practices, risk management and technology solutions.

Most crooks aren't all that smart and spies are no exception, according to former National Security Agency analyst Ira Winkler. Getting confidential financial and technical information right from the source is simpler than you'd think. Most hackers and spies don't have special aptitude for intelligence theft. What they do have is (a) some sort of training and (b) the willingness to perform as trained over and over again -- what Winkler calls "the repeatable process required for expertise." Understanding this basic formula is key to protecting computer security systems, the expert told his audience during a recent security symposium at Arizona State University.

The average hacker used to be a cyberspace vandal whose prime motivation was mischief and developing a reputation as an IT wizard. Over the past year, however, hackers have increasingly used their skills to break into inadequately guarded systems to steal money and valuable data. And companies are now exposed on more fronts than ever. Firms that take IT governance seriously are 20 percent more profitable, according to Rob Clyde, chief technology officer of computer security vendor Symantec Corp. The CTO should be in on every top-level decision, he advised, and IT security should be the responsibility of every unit in the organization.

Passwords are "the dirty little secret" of the computer-security industry, says Arvind Krishna, a software security expert. The use –- and misuse – of passwords illuminates a cyber-security conundrum: is it about the user, or the data? Industry experts like Krishna study the plethora of security screw-ups for clues. Krishna favors centralizing identity management –- he mentions passports as a real-world example -– but much work and deep thinking must be done before such a concept can become workable in the cyber-security world.

InfraGard is an association of businesses, schools, state and local law enforcement and private individuals dedicated to sharing information and intelligence "to prevent hostile acts against the United States." The FBI partner organization consists of a national network of 84 local chapters whose members are unpaid volunteers. Founders initially courted IT managers at large companies, figuring they could assist the government in fighting cyber-crime while protecting their own corporate interests. However, since the 9/11 attacks four years ago, they're increasingly recruiting professionals with non-IT backgrounds to join.