Information Security
Managerial Issues Related to Information Security
At the turn of this decade, the world was recovering from a severe global economic crisis, with every business seeking to curtail its expenses across departments. The IT departments of organizations were among the hardest hit, and hence not enough emphasis was placed on the importance of information security for a company. Information security is a crucial part of an organization’s strategic objectives, but it has its advantages and challenges.
This duality in the nature of information security management poses several managerial issues. To begin with, information security processes need to be aligned with the topmost objectives of the organization. At the same time, the strategic goals of the organization often prevent the very measures that need to be taken to assure the productivity of assets and processes. As the influence and presence of technology in businesses increase, the alignment of information security with organizational objectives becomes all the more difficult to trace. It is a major managerial challenge for information security to be balanced against organizational objectives.
As organizations become increasingly reliant on the use of technology, the scope of information security reaches across departments and processes. It is a managerial challenge to identify, prioritize and target specific areas within the organization where information security is most needed. This requires effective risk analysis to specify processes that are at greatest risk and have the deepest impact on organizational performance. In order to protect a certain department or process, resources from across the organization need to collaborate, which can prove to be a managerial challenge.
The complex nature of operations and their networks adds to the risk to security. Further, the fast-paced changes in the technological sector add to the complexity of information security management. This complex nature is not peculiar to large companies. Any organization that uses even the most basic forms of technology to communicate needs information security. It is also a challenge to draft a security plan that is as flexible and dynamic as the changes that take place in the business and technology sector.
A technology-reliant operational environment can utilize a large portion of a company’s IT budget. As information security requires expenditure to be made, it is rarely viewed as an investment. This perception is further aided by the lack of regular analysis of the ROI of the investments made in security. Hence, such organizations never truly know the benefit that investing in information security will bring to them. Further, the effectiveness of security measures is difficult to quantify. It is a managerial challenge to change the perception of information security within the organization so that it is considered a good investment.
Information security is most often viewed as a technological issue and not a managerial or operational one. This is mainly because organizations focus their security around protection tools and fail to notice the operational and management loopholes that contribute to risk. This oversight on the part of the organization poses a managerial challenge to information security as processes cannot be optimized till their gaps are effectively identified.
It should be noted that the security of an organization cannot be achieved solely by implementing technological tools, but rather by aligning every security effort with the organizational objectives and overall administration of the company. For example, an organization does not solely store its data as electronic files. Information is stored in paper form, as files on a PC or as an online database. Information security includes securing data in all its forms.
Finally, most organizations do not have regulations in place that ensure timely review, control and updating of the information security setup. This shows a lack of focus on the risk arising from poor information security standards. However, where such regulations do exist, strictly adhering to them takes away from the flexibility required to cope with a fast-changing environment. For example, HIPAA regulations protect core assets, not other aspects such as processes. Maintaining a balance between following regulations and maintaining flexibility poses an information security management issue.