One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4628847 |
| Date de publication | 2022-05-15 17:18:34 (vue: 2022-05-15 06:05:35) |
| Titre | What actually drives information security? |
| Texte |  The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? Given an infinite array of possible risks and finite resources to address them, information risk analysis and management techniques help us scan the risk landscape for things that stand out - the peaks - and so we play whack-a-mole, attempting to level the field through mitigating controls, remainingly constantly on the lookout for erupting peaks and those hidden behind the ones we can see or were otherwise transparent.That's 'obvious' from my perspective as an experienced information risk and security professional, anyway. Your perspective probably differs. You may look at things from a slightly or dramatically different angle - and that's fine. I see these as interesting and stimulating complementary approaches, not alternatives.Compliance, for instance, is a strong driver in some cultures and organisations. Quality, efficiency and effectiveness drive others. Some seek to apply good practices, joining the pack. Customer-centric businesses naturally focus on customer satisfaction, brand values, loyalty etc. Startups are concerned to grow rapidly, hence anything that is or might become a barrier is a target. Government organisations, charities, professional services organisations, utilities, schools, assorted industries etc. all have their own focal points and concerns. Profits are clearly important for commercial organisations, but there are other financial measures too - and indeed many other things to measure. Information risk and security is incidental or supportive for most of them, enabling for some and essential for a select few whose business is information security, or the enlightened (as I like to call them).So, in your own situation, consider the business perspective. What does management want/expect out of information security? Along with what they do not want or expect to avoid, these are worthwhile aspects to explore. |
| Envoyé | Oui |
| Condensat | the then about accounting achieve action actively activities actually additional address adverse against agendas all almost alone along also alternatives amazing analysis angle another answers anything anyway apply approaches are area areas array ask aspects assets assorted attempting attitudes audit availability avoid awareness awesomely back barrier basis become been behind being better biased billion board bonus: book brains brand budgets build business businesses but call can cannot capabilities care career carefully centric changed charities check chemical clear clearly client clues coherent colleagues colours commercial companies company compare complementary compliance compromise concern concerned concerns confidentiality consider constantly contemplate controls corporate could creative critical cultures customer data date dates demand departmental depend depends develop different differing differs directors discuss disregarding does doing dramatically drive driver drives effectiveness efficiency enables enabling endemic engineering enlightened erupting essential etc even everything exec execs exercise expect experienced expertise explore far field figure financial fine finite focal focus forth free from functions funding garner generally gestures given good government grow guess has have health healthcare help hence here hidden high hints historical horizons hot how humdrum ignored implicit important improvement inaccurate incidental incomplete indeed industries infinite information infrastructure innovative instance integrity intellectual interest interesting internet involve involvement isn its joining keep key kinds know knowledge landscape lately legal/compliance let level levels life lights like likely limiting list long look lookout loyalty major management managers many marketing massive matters may maybe measure measures measuring media meeting messenging metric metrics might mimics mission mitigating mole moment months more most must national naturally nature news not objectives obvious offering once ones oooh operational opportunity organisation organisations other others otherwise out outlooks over own pack paint part past peaks people perspective pick play pointers points possible powerful practices pre pressure priorities probably processes professional profits project promotional property quality questions raising range rapidly rather realistic really realm register related relations remainingly required research resources right risk risk: risks routine safety same satisfaction scan schools secured/protected security see seek select services shoddy showing situation slightly smells solo some something sounds stand startups statement step stimulating stories strategic strong struggle study stuff suite support supporting supportive supports takes target team techniques tells that them then these things think thinking those threat three through time too top topical towards transparent trends trumps trust two under understand understanding upon used utilities utterly validate valuable value values vulnerable want want/expect warning waste way well whack what what: whatever which who whose why worries worthwhile year years yet you your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.