Managing Risk and Information Security: Protect to Enable
Given that security breaches and intrusions continue to be reported daily across
organizations of every size, is information security really effective? Given the rapid
evolution of new technologies and uses, does the information security group even need
to exist?
Obviously, this is a somewhat rhetorical question. I cannot imagine that any sizeable
organization would operate well without an information security function. The real issue
is whether the information security group should continue to exist as it does today, with
its traditional mission and vision.
As information security professionals, we should be asking ourselves pointed
questions if we wish to remain valuable and relevant to our organizations. Why do we
exist? What should our role be? How are new consumer technologies shaping what we
do—and can we shape the world of the consumer? How is the evolving threat landscape
shaping us—and can we shape the threat landscape? Given the bewildering pace at
which technology changes and new threats appear, how do we focus and prioritize our
workload? What skills do we need?
Traditionally, information security groups within businesses and other organizations
have taken a relatively narrow view of security risks, which resulted in a correspondingly
narrow charter. We focused on specific types of threats, such as malware. To combat these
threats, we applied technical security controls. To prevent attacks from reaching business
applications and employees’ PCs, we fortified the network perimeter using firewalls and
intrusion detection software. To prevent unauthorized entry to data centers, we installed
physical access control systems. Overall, our thinking revolved around how to lock down
information assets to minimize security risks.
Today, however, I believe that this narrow scope not only fails to reflect the full
range of technology-related risk to the business, it may be detrimental to the business
overall. Because this limited view misses many of the risks that affect the organization, it
leaves areas of risk unmitigated and therefore leaves the organization vulnerable in those
areas. It also makes us vulnerable to missing the interplay between risks and controls: By
implementing controls to mitigate one risk, we may actually create a different risk.