In my opinion, this is one of the most important things of all. Information security is a function to enable the organisation to go about its business with an awareness of the risks it faces in doing so. In the business of making a profit, organisations will take risks and do things that we would consider to be insecure. It is not the role of infosec to put the kibosh on plans or prevent people from working. If people can't get their jobs done without having to find a way to circumvent policy, then the policy is wrong. Change it.
Comments (2)
Everyone agrees that data loss is a serious problem, for the private sector as well as government. All this, despite huge investments in so-called information security.
Companies and government have information handling policies coming out of their ears but don't seem to have any means of measuring their effectiveness in the sphere of Information Governance.
I have put together a brief outline of some practical measures that could be adopted, easily, by any organisation.
My quick guide (Measures for preserving stakeholder confidence) is available as a free download from my website - see this page:
http://tinyurl.com/5dmzap
Posted by Colin Beveridge | November 4, 2008 10:58 AM
Thanks Colin - it's a useful guide.
Posted by Stuart King | November 4, 2008 1:03 PM