• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.001 ■ Fall 2023 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project

Question 2

August 11, 2023 by David Lanter 10 Comments

Is information security a technical problem or a business problem?  Explain your answer.

Filed Under: Unit 01: Understanding an Organization's Risk Environment Tagged With:

Reader Interactions

Comments

  1. Celinemary Turner says

    August 28, 2023 at 9:24 pm

    Information security is both a technical and business problem. Technical problems involve a multitude of technical challenges, including protecting computer systems, networks, applications, and data from unauthorized access, breaches, data leaks, and other malicious activities. Technical aspects of information security include implementing encryption, firewalls, intrusion detection systems, access controls, and security patches, among others. A business problem because the consequences of security breaches can have serious financial, legal, reputational, and operational impacts on organizations. Businesses need to manage risks related to data breaches, compliance with regulations, and customer trust. Security incidents can result in loss of customer confidence, legal actions, fines, and damage to an organization’s reputation. In essence, information security is a multidisciplinary concern that requires collaboration between technical experts and business leaders. Successful information security management involves aligning security measures with business goals, understanding potential threats, and making informed decisions to protect an organization’s assets and reputation.

    Log in to Reply
  2. Jon Stillwagon says

    August 29, 2023 at 12:55 pm

    Information security is a business problem because a company could have their technology working perfect without any problems and people would still get access to information. It is up to the employees to try their best to keep their information secure. It is possible that there will be someone that goes to site that they aren’t supposed to or clicks on something that they thought was work related but turns out to be something completely different. The business is the one that’s going to have to fix their problem in the first place. It is more of a business problem because of the results that could come of those problems like the money loss or information leakage.

    Log in to Reply
  3. Nicholas Nirenberg says

    August 29, 2023 at 5:30 pm

    Information security is both a business and technical problem, but can skew more towards business, The technical security of securing information is more obvious, such as having secure workstations and servers, IT usage policies, frequent firewall maintenance, working intrusion detection, etc. Business problems, however, can arise when a technical security solution fails or was not effective at preventing a threat. Business solutions must also be considered prior to any technical solutions are implemented as first the threat needs to be evaluated and its risk considered before a decision can be made on how to handle a potential threat, if it all. Basically, information security must be evaluated through the lens of business before it can be decided if, how, and to what a extent a technical solution can be implemented..

    Log in to Reply
  4. Yannick Rugamba says

    August 29, 2023 at 11:15 pm

    Information security is both a technical and a business issue. While the IT team deals with the technical aspects like setting up firewalls or updating software, the wider business feels the effects if something goes wrong. For example, if a company’s customer data gets leaked, not only does the IT team need to patch the leak, but the company might also face lost sales, lawsuits, and a damaged reputation. This demonstrates why the entire organization, from executives to front-line staff, must prioritize and understand cybersecurity. It’s essential that different departments work together in setting and maintaining security measures that align with the company’s goals. In conclusion, information security isn’t just about the technology—it’s an integral business responsibility that requires a collective approach.

    Log in to Reply
  5. Eyup Aslanbay says

    August 30, 2023 at 12:20 am

    Information security is both a technical and business problem. The entire institution is responsible for the protection of information. Problems with information security indicate a technical problem. However, since these problems can cause financial damage, we should also consider these problems as business problems.

    Log in to Reply
  6. Edge Kroll says

    August 30, 2023 at 2:12 am

    Information security is both as it is usually a technical problem which then creates a business problem if left unchecked. It is. a technical problem in the way that you are testing existing securities, locating any potential weaknesses, and creating a plan to combat them, but it is a business problem if any of these things are not performed and that leads to any data being leaked or stolen. As things like this can be disastrous for any business it is important to make sure any information security issue is solved quickly before it can become a business problem.

    Log in to Reply
  7. Bo Wang says

    September 3, 2023 at 9:47 pm

    I see information security as both a technical and a business problem. The reason for the technical problem is that checking the vulnerabilities of information systems and repairing the vulnerabilities requires knowledge and skills related to computers, electronic information systems, etc. At the same time, as people engaged in ITAX, information security is their business issue, because they have to deal with the business related to it

    Log in to Reply
  8. Michael Obiukwu says

    September 5, 2023 at 3:54 pm

    The question of whether information security is fundamentally a technical problem or a business problem presents itself as a dilemma in today’s technologically pervasive environment. It is a multifaceted issue that does not reside uniquely on one side or another. On the one hand, information security involves safeguarding data from hacking, malware, unauthorized access, and data breaches, which are essentially technical problems. However, on the other hand, it can also bring substantial business consequences, which catapults it into the realm of business problems.

    Perhaps the greatest challenge in answering this question arises from the complex and intertwined nature of information security. Much like two sides of the same coin, the technical and business facets of information security cannot be entirely disjoined.

    Undeniably, there is a significant technical aspect to information security. The ever-growing sophistication of threats requires a deeper understanding of technological nuances involved in securing data. Cyber threats evolve along with technology, and consequently, an inclusive technical defense strategy requires continuous development.

    Techniques such as encryption for data confidentiality, firewalls for network security, two-factor authentication for access control, and intrusion detection systems for tracking malicious activities are all part and parcel of the daunting task at hand. Additionally, software development should incorporate principles of secure coding, and systems need to be continuously monitored and vulnerabilities patched promptly. In this sense, information security indeed appears to be a primarily technical problem, requiring technical expertise and solutions.

    However, drawing boundaries between business and technical issues in this context is a challenging task. If the business operates in a digital environment and utilizes sensitive data, an information security breach would not only disrupt normal business operations but also tarnish the organization’s reputation, leading to lost business and potential legal repercussions. For instance, data breaches may expose sensitive customer data that could be abused, violating their trust, and negatively impacting the company’s image and customer relationships. This endangers the business continuity and illustrates the business-side implications of information security failures.

    Further, the regulatory landscape surrounding data protection has become increasingly stringent, with regulations like the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Protection Act (CCPA) in the United States. Non-compliance with these regulations may lead to steep penalties, further exacerbating the business impact of information security.

    Moreover, it is up to the business to determine its risk appetite and allocate resources for information security accordingly. The decision to invest in a specific technology or respond to a specific threat has operational and strategic implications, thereby turning it into a business issue. Businesses must also ensure that their employees are well-trained in safe practices and are aware of potential threats, highlighting the human and behavioral facet of information security.

    Thus, to consider information security merely as a technical problem is overly reductionistic. Although the technical aspect forms the backbone of information security, the business implications of not maintaining information security could potentially fuel the downfall of an organization.

    Therefore, instead of compartmentalizing information security as singularly a technical problem or a business problem, it is more pragmatic to perceive it as a complex problem that spans across both domains. Information security professionals should ideally possess a combined understanding of both technical security architectures and business operations and strategy. By bridging the technical-business gap, organizations can ensure a robust and comprehensive approach to maintaining information security.

    In conclusion, the dichotomy of information security being a technical problem or a business problem is unproductive. It is a business problem because the consequences of information security breaches heavily impact business operations and bear financial, reputational, and legal implications. Simultaneously, it is a technical problem since the methods to subvert these breaches are largely based on technology. Therefore, the most effective approach is developing tailored information security strategies that incorporate both the technical and business aspects to safeguard data, maintain trust, and ensure business continuity.

    Log in to Reply
  9. Ooreofeoluwa Koyejo says

    September 6, 2023 at 7:48 pm

    Information security as a concept has concerns as both a technical problem and a business problem. The body of knowledge as information is broad and deep with applications and context in both business and technical terms. The objective of information security is the protection and safety of information assets of significant value to the data owners. It also forms a part of risk management which is core to the business, Risk is a management function which requires the identification, and use of controls (technical and non-technical controls) to achieve its objective. The goal of a business is to make profit and provide value, managing organisational risks in a cost-effective manner supports this business goal and information security through controls and policies serve as input towards achieving the goal and objective.

    Log in to Reply
  10. Hashem Alsharif says

    December 3, 2023 at 7:29 pm

    I would say that Information Security is a problem for both business and technical side. This is because to a business, their crucial data could be what determines the profit of their company. For example, if a company were to have a breach, that may not look good for shareholders, and cause them to sell their shares. This in turn, affects the company from a business perspective. As for the technical side, A breach could provide insight into the vulnerabilities of the company and often times, had those vulnerabilities been addressed, this issue wouldn’t have happened. Sometimes, a breach can involve servers shutting down, or data being wiped away from a business. All of these are things that harm the technology of the business. Regardless of which side is being affected, this is all clear evidence of just how important information security is. When the security of your data is prioritized, there may be benefits to the company that pay off in the long run.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in