Jill Brummer says
Information security is both a technical problem and a business problem. They both have different roles in information security. IT is responsible for the maintenance of systems and applications, but the business is needed for the management, the data inputs and outputs. The business needs to ensure they are communicating to IT. For example, if there is a business team terminated employee that had some elevated access to transact and access needed to be removed, communication to IT is needed, whether that be manual or automated, the business is the initiator. The process is a joint effort, with both IT and business being responsible.
David Vanaman says
Information security is both a technical and business problem. It is first a business problem; businesses must understand their information assets and the threats to them. From those asset/threat combinations, they must build risk profiles to identify how information could be compromised and create controls – policies, procedures, and technology – to address those risks. Information security in a modern business must also be addressed with technical controls and solutions. Administrative controls such as policies and procedures cannot keep pace with the amount of data that flows in and out of a modern business. By the time a purely administrative control is discovered to be ineffective, damage is already done. Technical controls also help to prevent threats from non-malicious insiders – those that accidentally break the rules – as well as malicious outsiders that do not care about administrative controls.
Nicholas Foster says
Information Security is both. In short, it’s everyone’s problem. The reading from chapter 1 of “Information Security in the Modern Enterprise” annotates that we’ve gone from 17% intangible assets to 84% over the span of 40 years. Manufacturing companies utilize CRMs like Salesforce to track leads, maintain customer relations, and store customer orders and data. Healthcare facilities leverage cloud-based storage for readily available medical e-records as required by the Health Insurance Portability and Accountability Act (HIPAA). Merchants are held accountable for cardholders’ data via the Payment Card Industry Data Security Standard (PCI DSS). Customer data is at the forefront of most every business. It is also one of the most highly regulated pieces of data. Failing to protect customers’ data results in all sorts of ramifications including but not limited to fines, revocation of business licenses, federal and private lawsuits and, in specific situations, imprisonment. Chapter one puts it extremely well by stating “The information security function is more central to preserving corporate value than ever. In the past, we handled data about the business; increasingly, data is the business.” Infosec by definition is a technical problem but the scope of responsibility falls to the entirety of the business. If an infosec problem arises, it’s the business’s reputation in jeopardy.
Kenneth Saltisky says
Information Security is both a technical and business problem. It is technical because a company’s security department needs to assess vulnerabilities throughout all aspects of technology including software, network, access, hardware, and more. The security department must also be prepared for potential exploitations of vulnerabilities. It is also a business problem since the security of a company relies on not only the business itself reinforcing strong security policies but also every individual within the company. Businesses need to enforce procedures and policies and ensure that every individual understands and applies these procedures and policies as anyone can unintentionally or intentionally damage a business.
Nik Fuchs says
Information security is both a technical and business problem. It’s well understood that cyber criminals utilize technology and their technical skills to hack into vulnerable computer systems, therefore requiring the latest software and hardware improvements to combat any intrusion. However, a large part of information security is the training of end users to comply with security protocols and maintaining that mindset within the organization. That mindset can include keeping unique and complicated passwords, locking computer screens when walking away, and not inserting unknown USB drives into organization computers – all of which help limit the chances of a cyber-attack. Complete security requires technology and the entire business to work hand-in-hand in preventing security breaches, since one without the other is simply not effective enough.
Shepherd Shenjere says
Information security is both a technical problem and a business problem. Inasmuch as information security protects companies’ assets, it is no longer only a technical problem, but a business problem as well. Once an organization experiences a data breach, it will affect the whole enterprise. So, a comprehensive approach from administration controls to operational controls must be implemented while providing proper training like cybersecurity awareness or phishing simulations. Also, employees must adhere to the policies and procedures that are in place, stay alert, and report all potential risks they may encounter.
Parmita Patel says
Information security is a technical and business problem because the way I see it is that they are both co-dependent on each other. When a business shares and puts out information, it is vulnerable enough to become a security problem as well. Managing risk has become a big task because we have so much data that could be used against us for someone else’s benefit. In bigger firms it could be an issue that it may affect many channels in which businesses can take a big hit.
Christa Giordano says
Information security is both a technical problem and a business problem. Information security personnel are typically charged with ensuring systems, applications, software, etc. are appropriately secured through use of many types of mitigants and building a defense in depth which includes, but is not limited to, multi-factor authentication, physical and logical access controls, firewalls, routers, switches, VPN, use of encryption, anti-virus software, IDS, instituting policies and procedures and training and awareness programs. The business, in conjunction with information security personnel, is responsible to read, acknowledge and enforce the policies and procedures and to complete training. Examples of policies could include an acceptable use policy, password management and parameters, reporting of security incidents, and training.
In addition, if there is a breach or attack, the business could bear the brunt of the impact, which could affect sales, traffic, customer service, and ultimately could cripple a business due to DOS, malware, etc.
Samuel Omotosho says
Information Security is both a business and a technical issue, especially as businesses become more digital and have technical controls embedded into software. Gone are the days when companies could pass the headaches of cyber security to the IT department, as it has become more of a business issue too. This is especially important as businesses are more digitized, meaning they are exposed to an increasing number of threats if they do not manage the risk of security properly. While more businesses understand the value of shifting their mindset in cyber security from questioning if their business will experience an attack, to when will they be threatened and how will they respond, they still need to address cyber security as the business risk it is.
Matthew Stasiak says
I believe that information security is a technical and business-related issue because there are two sides to information security being at risk, the physical side and the software side. Any business worker who may not have had any briefing on how to ensure that their sensitive information does not get leaked or hacked could easily be vulnerable to an internal or external hacker whether it be physical or digital. Someone could easily hold the door open for a stranger they think works at the building and that actor could take sensitive information, or if a worker didn’t have a secure enough password or fell for a phishing email they could easily let a hacker gain access to the system. It works both ways and that is what cyber auditing companies do when they try and infiltrate a system – they work on both the physical and digital plane.
Maxwell ODonnell says
When it comes to corporations or businesses, it is rare that something exists in a vacuum. This is the case when talking about information security; information is a huge part of every university, business, government agency, etc., and keeping it secure and organized is paramount to success. Smaller businesses may be able to get away with improper information security but scaling a business requires a firm system for keeping information secure. No business of any size is impervious to crippling attacks; recently DoorDash was a victim of a data breach in which highly confidential customer information was leaked, causing its stock value to plummet further.
Abayomi Aiyedebinu says
Information security is both a technical problem and a business problem. Because there is a symbiotic relationship that exists between the business and the information security function, if one is vulnerable, it makes the other susceptible. We cannot separate either of them, as the information security needs have to be carved to match business continuity and objectives with robust incident and disaster recovery programs to match business needs and continuity. In the past these functions were usually separated, with current events happening in organizations, for example Anthem’s exposure of PII and PHI that has made it settle millions of dollars in class action settlements. This event has culminated in a lot of changes in both big and small organizations to sensitize personnel from the chain of command to the least on the organizational chart to be aware and be able to identify issues ranging from periodical password changes, MFA, password-protecting files before sending and opening, etc.