One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 2148825 |
| Date de publication | 2020-10-08 05:41:06 (vue: 2021-01-06 20:37:56) |
| Titre | NBlog Oct 8 - is Facebook an asset? |
| Texte |  Yet another good question came up on the ISO27k Forum today*. Someone asked whether to add the company's Facebook page to their information asset register (implying that it would need to be risk-assessed and secured using the Information Security Management System processes), or whether the asset should be the Facebook account (ID and password, I guess)**.From the marketing/corporate perspective, good customer relations are perhaps the most valuable information assets of all, along with other external relations (e.g. your suppliers, partners, prospective and former customers, regulators/authorities and owners) and internal relations (the workforce, including staff, management, contractors, consultants and temps, plus former and prospective workers). It's tempting to think of these as just categories or faceless corporations, but in reality the interactions are between individual human beings, so social relationsin general are extremely important in business. There are numerous mechanisms that generate, support and maintain good customer relations, Facebook for example. Likewise for other relations (e.g. ISO27k Forum!). You might think of them as simply apps or information services, often cloud based, often commercial services provided by third parties hence limiting what is on offer and your options or influence over the infosec, privacy and other requirements. There are also related processes and activities, some of which have infosec, privacy and other implications e.g. I have a bank pestering me right now for identification info which they need from me as part of the anti money laundering regs: it's a pain for me and for them, but they have to comply with the laws and regs. Workforce relationship management and 'industrial relations' is a huge part of 'management', with governance, compliance and other implications and risks. Overall, relationship management is, clearly, an important part of business success, or indeed failure when things go horribly wrong (e.g. look up the Ratners jewelers fiasco in the UK, and just look around at the difficulties arising from COVID-19: our people and myriad relationships are under extreme stress this year, not just our organisations). Summing up, I encourage everyone to think big in terms of the scope of information assets, with a strong emphasis on the information that matters most to the business, the organization, and its strategic objectives. The IT systems and services are merely business tools: what matters most is the business information generated/processed by them.* As I've said before, it's funny how often a simple, seemingly basic or naive question on ISO27k Forum leads to something more revealing when the answers and debate sta |
| Envoyé | Oui |
| Condensat | ** someone 19: account activities add all along also another answer answers anti apps are arising around asked assessed asset assets bank based basic before beings besides between big both business but came categories clearly cloud commercial company compliance comply consultants contractors corporations covid customer customers debate dichotomy difficulties emphasis encourage everyone example external extreme extremely facebook faceless failure false fiasco flowing: former forum from funny general generate generated/processed good governance guess have hence horribly how huge human identification implications implying important including indeed individual industrial influence info information infosec interactions internal iso27k its jewelers just laundering laws leads likewise limiting look maintain management marketing/corporate matters mechanisms media merely might money more most myriad naive nblog need not now numerous objectives oct offer often options organisations organization original other over overall owners page pain part parties partners password people perhaps perspective pestering plus power privacy processes prospective provided question ratners reality register regs regs: regulators/authorities related relations relationship relationships relationsin requirements revealing right risk risks said scope secured security seemingly services should simple simply social some something staff start strategic stress strong success such summing suppliers support system systems temps tempting terms them these things think third today* tools: under using valuable what when whether which workers workforce would wrong year yet your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.