Information security has two sides to it. On the technological front, it’s a sophisticated realm of defending infrastructures, mitigating vulnerabilities, and neutralizing advanced persistent threats. Conversely, it’s also a business issue, considering the company’s reputation, money, and rules they must follow. So, it’s not just about technology but also about how businesses make decisions around it. At my current company, they have risk, compliance, and controls under the same hierarchy as security. In my opinion, they go hand in hand and are complementary to each other. One could argue (but I’ll refrain in order to stay on topic) that legal should be listed as well.
I agree that information security is both a technical and business problem. From my experience in freelance, it seems businesses are relying more on data as a means of fueling the business. Their ROI is directly affected by their ability to hold onto client data securely simply from their competitors. If a competitor gets their hands on my database, then now my competitor has my client info and, more importantly, the data that was collected as a private agreement between me and my client has now been compromised. And, in my opinion, this is just at a basic level knowing that morale is constantly at question when it comes to the internet. THEN we have to consider the actual malicious actors that are constantly at work in the IoT. The technical requires information security which lends itself to business efforts.
Information Security is a technical problem and a business problem. The IS department needs to properly assess vulnerabilities within the network, software, hardware, access control, and have a plan in place. The business needs to reinforce policy procedures and put them into practice; as much as organizations receive external cyber attacks, breaches can also come from within an organization deliberately or accidentally.
There is also physical security where the business is involved based on actions and procedures they have in place, such as someone trailing you into a building or a guard not there to see who comes and goes when the building is open.
I couldn’t agree more! There is so much that goes into information security that it can’t just be classified as a business or technical problem. I would go even further than what you said and think about who or what to blame when information security issues occur. People don’t just blame the technology for not being good enough; they also blame (maybe even mostly blame) the CEO and managers for poor business procedures. That’s because the CEO should be knowledgeable on cyber attacks and putting the necessary resources into protecting against them. They should be well aware and up-to-date on whatever it takes to protect their information. There’s so much more that goes into protecting information than the technology a business has!
Information security is a technical problem as much as it is a business problem. With advanced technological tools comes a need for trained security personnel and a proactive management team. If a company lacks the requisite skilled labor to implement the tools, maximum security of a company’s asset will not be achieved. If a company has all it needs to secure its assets but has no support from the management, it will also be evident in the policies which ultimately will affect the company’s information security.
2. Is information security a technical problem or a business problem? Explain your answer.
What I gleaned from this week’s reading is that it is a two- or all-sided issue. Management matters just as much as technology. Seeing that everyone is a vulnerability, every employee, student, device, etc. affects the business, university, etc. No matter how big or small the environment, sector, business, etc. is, threats can and will happen. It is a matter of business to invest in security all around. The main issue in information security is how to effectively communicate said security issues to shareholders, which this subject usually starts with IT personnel. You can also look at it as an insurance claim: everyone must pay into it, and it never really matters until an accident happens; then you are wishing you had more coverage to pay a lower deductible, etc. In summary, I believe information security is more of a business problem trying to effectively communicate to chain of command to buy in on educating everyone and everything Information Security.
Information Security is a technical problem as well as a business problem. Everyone in an organization, no matter what role, is responsible for securing the data within the organization. People in the IT department need to make sure the network, hardware, and software are secure while other employees also must protect their information. Businesses can only succeed when the consumers know that their data is secured. Within an organization, management must set policies concerning information security that all employees should adhere to. The policies should address the organization’s security posture, target state for security, and the organization’s needs.
It can be both a technical problem and a business problem. One cannot exist without the other one. Having the risk of losing information in a corporation can create a business problem more critical than technical ones, because information is the most valuable asset of a company.
As explained in the book, in a corporate environment information security could be seen as annoying because we need to do two-factor authentication, use VPNs, and many other filters that can protect the information. These filters are necessary to prevent technical problems and business problems.
I definitely agree with you that information security is both a technical and a business problem. On the security side, it involves implementing security measures and technologies to defend against cyber threats. As for the business side, it involves strategic business decisions to ensure that the organization is able to afford the technological implementations. I believe that teamwork amongst the business and the technical side is essential for keeping the organization safe and secure.
I completely agree with you. To piggyback on what you said, a large business decision that is also a technological decision on information is where to store the information. This is a very key intersection of the technology aspect and business aspect. Do we want to store information on site and manage it ourselves, or do we want to use AWS and keep our information in the cloud (or on their site)? These are the strategic business decisions that companies must make that also intersect with key technological decisions.
Information security is very much both a technical problem as well as a business problem. It constantly intersects all facets of an organization; it requires collaboration from both technical experts as well as business experts to truly realize a more secure network by properly assessing risk and value to all assets. While it is more technical in nature these days with cyber threats and the technological infrastructure, in the end the biggest flaw will continue to be its users, which encompasses all staff, users and third parties and their occasionally free-flowing access to vital information. It’s important that all staff are continuously trained in keeping a secure system because it’s one of the most important aspects of a company, not only for reputation and trust but for business continuity.
Information Security should be considered BOTH a technical and a business problem; the difference is from whose perspective you are evaluating the topic. To an IT auditor or systems security specialist, the primary concern when combatting infosec is first the technical aspect, that is, how should they go about securing information, what risks exist, etc. This however will also extend into a business concern, as many business and financial factors impact these processes, the most obvious being funding but also adapting one’s security and infosec evaluations to match the needs of the company. This business-oriented approach will likely also be found in the perspectives of CEOs, CFOs and other higher-ups at companies, who, while not concerned directly with the technical specifications of their infosec departments, are primarily viewing these systems as insurance and defense against resource attacks or potentially reputation-damaging breaches.
I think information security is a bit of both. It poses as a technical problem because a lot of the hard work taken to actually secure a system and have best practice comes from IT and their implementation of services offered to the company. It is a business problem because businesses try to prioritize functionality and security is often ignored or is an afterthought.
Management needs to understand the importance of having a secure system and IT needs to ensure with regular system reports that data is not being accessed in an unintentional manner.
Information Security is both a technological problem and a business problem.
It is a technological problem because Information Security must be able to know how to utilize the tools that they are given. Information security also needs to ensure that the solutions that they are using do not pose a risk to the environment. Furthermore, working with the software’s vendors can pose a challenge as it requires collaboration to ensure that the product is working as designed and if there were any issues, rapid response is essential to safeguard the organization from potential cyber threats.
As for the business side, aside from funding the information security technology, they need to make sure that the proper documentation is acknowledged and signed by the vendor that the organization is working with. A master service agreement (MSA) and a data sharing agreement (DSA) should be agreed upon by both parties to ensure that the potential data that a vendor may have access to will remain secure. In addition, if something were to go wrong with the vendor that the organization is collaborating with, a termination and exit strategy should be present so that the organization’s data is not sensitive to risks.
Overall, Information security is a multifaceted challenge that needs to involve technological and business considerations.
It is a both/and, meaning they go hand in hand. If there is a problem with the security, then there is going to be a problem with the business. More than ever, it is imperative that IT and the business units share a symbiotic relationship because they both have equal standing in my opinion. In order to run a tight ship, you need to have everything, well, tight. That includes all forms of security, digital and physical. Any type of information security issue most certainly will affect the business. Whether it be financial, reputation, or otherwise.
Information security is both a technical problem and a business problem. We see all the time where if a company is hacked, their CEO is fired, their stock prices plummet, and their reputation is diminished. A company being hacked is a very damaging inconvenience to the company that affects many people throughout the business. Furthermore, the actual information that is released from a hack could be extremely damaging to the company. From trade secrets to inappropriate emails, the information that hackers steal could provide a competitive advantage to other companies, further damage the hacked company’s reputation, and alienate customers and stakeholders. And obviously, to protect against this, a company must have the technical infrastructure and education to avoid it.
The subject matter of information security can be perceived as both a technical and business concern. Technically, it encompasses the protection of data from unauthorized access, involving specific tools and methodologies. However, it is also a crucial business issue, as a breach can lead to detrimental financial losses, reputational damage, and regulatory non-compliance penalties. Therefore, information security should be approached as a multidimensional challenge, demanding the integration of robust technical strategies within a broader business risk management framework.
Information Security is both a business and technical problem as they are interconnected.
Information security experts must work with business leaders to align technical projects with business strategies and risk tolerance appetite. It is essential for the two entities to work together to identify risks. By working together, information security and business leaders can develop, implement and plan effective security measures to mitigate identified risks. In the event of a security incident, having a clear plan in place ensures a swift and coordinated response to contain the incident and restore system functionality promptly.
When Information Security collaboratively works with business leaders, organizations can proactively address security challenges, minimize risks, and respond effectively to security incidents, ultimately strengthening their overall security posture.