Author Box
Articles Categories
All Categories
Articles Resources

Information Security Is Not Just An IT Issue

June 23, 2012 | Comments: 0 | Views: 184

Time and again, when I talk to business owners and managers about information security, I get the line "that's an IT issue" or "our IT guys look after that".

Whilst I'm well aware that IT and IT security plays a significant role in information and data security, it is not the Holy Grail many people seem to think it is.

IT is not some kind of magic wand, to wave over your information assets to suddenly make them secure. Of course, the careful and appropriate use of IT solutions is an enabler of information security. It is a method of securing your information and data whilst being used or accessed electronically.

But information is available throughout your organisation in a whole host of formats. Hardcopy printouts, hand-written documents and notes, images, drawings, film and microfiche and doubtless shelves of folders and binders, all make up a substantial element of your business information.

This information needs to be kept secure also.

But, by making information security and IT issue, many senior managers feel they have done their duty, and allocated it some someone who can deal with it. The problem here is that without senior management buy-in, and a top-down culture of security and security awareness among non-IT staff, the 'IT Crowd' can only achieve so much.

Often, IT security controls and processes, implemented without the understanding and buy-in of non-IT staff, will be circumvented. If staff feel that IT is getting in their way, they will do everything they can to work around it or subvert the controls. This is how we end up with users sharing logins or passwords, or documents being emailed to large groups of people because "Joe can't access them".

To successfully implement an information security programme, managers and business owners need to take ownership themselves. They need to be involved in writing the policies and procedures. They need to educate their staff and system users as to WHY they need to adhere to the policies, HOW to do it and WHAT the consequences will be if they are not followed. They can then use the available IT solutions to assist with the businesses information security policies, approach and objectives.

Information security is NOT an IT issue, but done properly IT can help you achieve your information security aims. You just need to make sure you've defined your business objectives beforehand, and educated your staff along the way.

Lee Hezzlewood is the founder of Secure Thinking, a UK company providing specialist services in Data Protection and Cyber-Security. For help managing your information security see our Managed Security Services

Source: EzineArticles
Was this Helpful ?

 
0
 
0
 
Rate this Article
 vote(s)
Feedback
Print
Re-Publish

Article Tags:

Information Security

,

Businesses Information Security

,

Information Security Policies

,

It Security

In India, employment opportunities are set to grow by a good margin in the coming year, a phase which was started in the turn of the second decade of the 21st century. organisation, candidates with

By: Sarkariexam l Business > Careers Employment l April 01, 2013 lViews: 11718

Sometimes it is amazing to see that certain jobs can precipitate huge turnouts in the recruitment drives. It is as if thousands of people were waiting for the vacancy advertisements and the moment

By: Sarkariexam l Business > Careers Employment l December 30, 2012 lViews: 692

In recent times, jobs in healthcare segments have grown tremendously. It is anticipated that this growth curve will continue for the times to come. Various factors are responsible for this

By: Sarkariexam l Business > Career Advice l December 27, 2012 lViews: 449

Are you in a dilemma whether to choose web based CRM or not? If yes, don’t worry. You aren’t the sole person having this doubt.There are numerous firms trying to make out whether investing in a

By: Reneta Vasileva l Business > Customer Service l December 23, 2012 lViews: 410

If you think about it you will realize the fact that each business has its own set of risks that are involved in it.The trade secrets that you have and the information related to the business is what

By: brumbrum1 l Business > Risk Management l December 23, 2012 lViews: 264

As the time is changing, concierge management services are now growing despite the slowing economies of the world. The main reason of it is the need that is highly specific to the people who like to

By: willsmith10 l Business > Management l December 23, 2012 lViews: 334

Almost all modern businesses hold, share and access potentially sensitive information on a regular basis. But how many have truly effective information security controls?

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 185

Businesses are recognising the importance of the information they manage, and more companies than ever deal with sensitive information on a regular basis. So whether you are a one-man-band or a

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 215

Social Engineering poses a real threat to businesses and their data. This short story highlights a very real social engineering scenario.

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 183

Information security and data protection is important to small and medium businesses, but many don't understand the threats and risks. Here we outline some of the primary issues and attempt to show

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 174

Fire resistant doors are very popular for being fully safe and are able to control fire to a great extent. Not just any manufacturer can make these doors and one has to pass the competency test in

By: Alicia Tanl Business > Securityl June 22, 2012 lViews: 206

One type of professional is important for lock installation, lock changes, key making and, frankly, lock opening. Most people don't even think of a locksmith until they lock themselves out of

By: Antoinette Ayanal Business > Securityl June 22, 2012 lViews: 205

Almost all modern businesses hold, share and access potentially sensitive information on a regular basis. But how many have truly effective information security controls?

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 185

Businesses are recognising the importance of the information they manage, and more companies than ever deal with sensitive information on a regular basis. So whether you are a one-man-band or a

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 215

Social Engineering poses a real threat to businesses and their data. This short story highlights a very real social engineering scenario.

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 183

Information security and data protection is important to small and medium businesses, but many don't understand the threats and risks. Here we outline some of the primary issues and attempt to show

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 174

Location-based services are increasing in popularity all the time. But are we opening ourselves up to a world of pain and potential abuse through the use of such services?

By: Lee Hezzlewoodl Internet Businesses > Securityl June 23, 2012 lViews: 168

Organisations with an online presence need to consider the security of their websites as well as it's look and feel, functionality and usefulness as a marketing tool. Otherwise there could be serious

By: Lee Hezzlewoodl Internet Businesses > Securityl June 23, 2012 lViews: 179

Discuss this Article

comments powered by Disqus