Information security is a technical problem as external hackers may attempt to breach a company’s database and steal their information or their employee’s information. However, in today’s world information security is more of a business problem. The majority of cyber attacks occur due to employees being careless or engaging in risky behavior, and most commonly, email phishing. If a company is not up to date and prepared for cyberattacks it is more than likely that someone is going to attack their company and their data, employee’s data, or most importantly their customers data.
Information Security is just another Business Process which comes with its own set of problems that often impact business operations and assets. Consequences that affect the entire organizaton are realized when a “technical problem” such as a data breach or a zero-day exploit are successful.
Problems with Information Security aren’t just siloed to IT teams and their leadership, they end up posing risk and impact to all other parts of an organization. If a Denial of Service (DOS) attack partially affects a bank’s load balancer cluster that services a credit/loan application, it may result in service degradation or lower availability. Problems like this would result in failed online credit applications and push consumers to competitors which is a loss of business that affects a bank’s overall profit.
This is why information security should be owned and acknowledged by leadership regardless of their business units. Information Security is often treated as an IT business expense rather than a valuable asset that serves an organization as a whole. When an organization is fully invested in managing Information Assets (the backbone of most modern business) correctly, they allocate higher budgets and training for implementing and maintaining security mechanisms that protect against data loss and cyber attacks.
Information security is both a technical problem and a business problem that the entire organization must address. The technical aspect involves protection of systems and data through firewalls, encryption, access control, etc. There also needs to be technical compliance with standards and regulation such as ISO/IEC 27001, and managing configurations, updating software, and installing patches as necessary to mitigate risk.
From a business management standpoint, a breach in security can lead to financial loss, legal repercussions, and damage the company’s reputation. A company can also face penalties for not complying with security regulations. Humans/employees are also a common factor in data breaches due to negligence of security in favor of productivity so leaders must make security apart of the company’s culture while IT professionals establish and implement concrete steps to secure the organization.
It also takes an understanding between IT professionals and business leaders that there is a cost associated with risk and security. Businesses must decide if the cost of the risk can be ignored or if it would save the company in the long run to implement security protocols to mitigate it. There is also the factor of how to handle an incident when it occurs, there is a technical aspect of detecting, responding, and recovering from risk, while businesses decide how to communicate the risk that has occurred.
Information security is not merely a matter but a significant business issue that demands comprehensive attention across the organization. It entails implementing mechanisms such as firewalls, encryption technologies and continuous monitoring to defend against potential breaches. However, viewing information security through a lens overlooks its broader implications on business operations.
It encompasses managing business risks by ensuring compliance with regulations, safeguarding the organization’s reputation and ensuring operational functionality. As a result, leaders throughout the organization need to view information security as a business concern incorporating it into planning, resource distribution and nurturing a culture of security awareness. This comprehensive approach ensures alignment with business goals and efficient risk management.
I agree with your perspective on the importance of viewing information security as a comprehensive business issue rather than just a technical matter. By focusing on the broader implications, such as regulatory compliance, reputational protection, and operational continuity, organizations can better integrate security into their overall business strategy. This holistic approach not only strengthens defenses against potential breaches but also aligns security efforts with business objectives.
Moreover, cultivating a culture of security awareness is crucial. When leaders prioritize information security across all levels of the organization, it ensures that everyone, from top management to individual employees, understands the role they play in safeguarding the company’s assets. By embedding security into planning and resource allocation, organizations can manage risks more effectively and ensure long-term success.
This week’s reading noted that in the 1970s, data security consisted of guarding the photocopier and monitoring who entered and exited the front door. However, today, intangibles account for more than 80% of the value of listed companies. Therefore, information security is both a technical and a business problem. On the technical side, issues such as unauthorized access and viruses are prevalent. On the business side, incorporating information security into risk management is crucial. A single technical problem, like a data breach, can escalate into a significant business problem, leading to exorbitant legal fees, financial loss, and loss of business due to reputational damage.
I would classify information security as both a technical and business problem. In the modern world, businesses are powered by technology.
In the technical lens, information security involves implementing firewalls, encryption, and access controls to protect data from breaches or cyber threats. Being able to understand how to navigate and build these systems requires IT knowledge or background.
It’s also a business problem because of how poor security of information can directly impact the company’s operations and reputation. The impact data breaches have can be detrimental to its finances or relationship with their customers. This underlies why businesses need to prioritize information security strategically as it ties in with risk management strategies.
Vincenzo Macolino says
Information security is a technical problem as external hackers may attempt to breach a company’s database and steal their information or their employee’s information. However, in today’s world information security is more of a business problem. The majority of cyber attacks occur due to employees being careless or engaging in risky behavior, and most commonly, email phishing. If a company is not up to date and prepared for cyberattacks it is more than likely that someone is going to attack their company and their data, employee’s data, or most importantly their customers data.
Gbolahan Afolabi says
Information Security is just another Business Process which comes with its own set of problems that often impact business operations and assets. Consequences that affect the entire organizaton are realized when a “technical problem” such as a data breach or a zero-day exploit are successful.
Problems with Information Security aren’t just siloed to IT teams and their leadership, they end up posing risk and impact to all other parts of an organization. If a Denial of Service (DOS) attack partially affects a bank’s load balancer cluster that services a credit/loan application, it may result in service degradation or lower availability. Problems like this would result in failed online credit applications and push consumers to competitors which is a loss of business that affects a bank’s overall profit.
This is why information security should be owned and acknowledged by leadership regardless of their business units. Information Security is often treated as an IT business expense rather than a valuable asset that serves an organization as a whole. When an organization is fully invested in managing Information Assets (the backbone of most modern business) correctly, they allocate higher budgets and training for implementing and maintaining security mechanisms that protect against data loss and cyber attacks.
Cyrena Haynes says
Information security is both a technical problem and a business problem that the entire organization must address. The technical aspect involves protection of systems and data through firewalls, encryption, access control, etc. There also needs to be technical compliance with standards and regulation such as ISO/IEC 27001, and managing configurations, updating software, and installing patches as necessary to mitigate risk.
From a business management standpoint, a breach in security can lead to financial loss, legal repercussions, and damage the company’s reputation. A company can also face penalties for not complying with security regulations. Humans/employees are also a common factor in data breaches due to negligence of security in favor of productivity so leaders must make security apart of the company’s culture while IT professionals establish and implement concrete steps to secure the organization.
It also takes an understanding between IT professionals and business leaders that there is a cost associated with risk and security. Businesses must decide if the cost of the risk can be ignored or if it would save the company in the long run to implement security protocols to mitigate it. There is also the factor of how to handle an incident when it occurs, there is a technical aspect of detecting, responding, and recovering from risk, while businesses decide how to communicate the risk that has occurred.
James Nyamokoh says
Information security is not merely a matter but a significant business issue that demands comprehensive attention across the organization. It entails implementing mechanisms such as firewalls, encryption technologies and continuous monitoring to defend against potential breaches. However, viewing information security through a lens overlooks its broader implications on business operations.
It encompasses managing business risks by ensuring compliance with regulations, safeguarding the organization’s reputation and ensuring operational functionality. As a result, leaders throughout the organization need to view information security as a business concern incorporating it into planning, resource distribution and nurturing a culture of security awareness. This comprehensive approach ensures alignment with business goals and efficient risk management.
Cyrena Haynes says
I agree with your perspective on the importance of viewing information security as a comprehensive business issue rather than just a technical matter. By focusing on the broader implications, such as regulatory compliance, reputational protection, and operational continuity, organizations can better integrate security into their overall business strategy. This holistic approach not only strengthens defenses against potential breaches but also aligns security efforts with business objectives.
Moreover, cultivating a culture of security awareness is crucial. When leaders prioritize information security across all levels of the organization, it ensures that everyone, from top management to individual employees, understands the role they play in safeguarding the company’s assets. By embedding security into planning and resource allocation, organizations can manage risks more effectively and ensure long-term success.
Brittany Pomish says
This week’s reading noted that in the 1970s, data security consisted of guarding the photocopier and monitoring who entered and exited the front door. However, today, intangibles account for more than 80% of the value of listed companies. Therefore, information security is both a technical and a business problem. On the technical side, issues such as unauthorized access and viruses are prevalent. On the business side, incorporating information security into risk management is crucial. A single technical problem, like a data breach, can escalate into a significant business problem, leading to exorbitant legal fees, financial loss, and loss of business due to reputational damage.
Neel Patel says
I would classify information security as both a technical and business problem. In the modern world, businesses are powered by technology.
In the technical lens, information security involves implementing firewalls, encryption, and access controls to protect data from breaches or cyber threats. Being able to understand how to navigate and build these systems requires IT knowledge or background.
It’s also a business problem because of how poor security of information can directly impact the company’s operations and reputation. The impact data breaches have can be detrimental to its finances or relationship with their customers. This underlies why businesses need to prioritize information security strategically as it ties in with risk management strategies.