Vincenzo Macolino says
Information security is a technical problem as external hackers may attempt to breach a company’s database and steal their information or their employees’ information. However, in today’s world information security is more of a business problem. The majority of cyber attacks occur due to employees being careless or engaging in risky behavior, and most commonly, email phishing. If a company is not up to date and prepared for cyberattacks it is more than likely that someone is going to attack their company and their data, employees’ data, or most importantly their customers’ data.
Gbolahan Afolabi says
Information Security is just another Business Process which comes with its own set of problems that often impact business operations and assets. Consequences that affect the entire organization are realized when a “technical problem” such as a data breach or a zero-day exploit is successful.
Problems with Information Security aren’t just siloed to IT teams and their leadership; they end up posing risk and impact to all other parts of an organization. If a Denial of Service (DOS) attack partially affects a bank’s load balancer cluster that services a credit/loan application, it may result in service degradation or lower availability. Problems like this would result in failed online credit applications and push consumers to competitors, which is a loss of business that affects a bank’s overall profit.
This is why information security should be owned and acknowledged by leadership regardless of their business units. Information Security is often treated as an IT business expense rather than a valuable asset that serves an organization as a whole. When an organization is fully invested in managing Information Assets (the backbone of most modern business) correctly, they allocate higher budgets and training for implementing and maintaining security mechanisms that protect against data loss and cyber attacks.
Cyrena Haynes says
Information security is both a technical problem and a business problem that the entire organization must address. The technical aspect involves protection of systems and data through firewalls, encryption, access control, etc. There also needs to be technical compliance with standards and regulation such as ISO/IEC 27001, and managing configurations, updating software, and installing patches as necessary to mitigate risk.
From a business management standpoint, a breach in security can lead to financial loss, legal repercussions, and damage to the company’s reputation. A company can also face penalties for not complying with security regulations. Humans/employees are also a common factor in data breaches due to negligence of security in favor of productivity, so leaders must make security a part of the company’s culture while IT professionals establish and implement concrete steps to secure the organization.
It also takes an understanding between IT professionals and business leaders that there is a cost associated with risk and security. Businesses must decide if the cost of the risk can be ignored or if it would save the company in the long run to implement security protocols to mitigate it. There is also the factor of how to handle an incident when it occurs; there is a technical aspect of detecting, responding, and recovering from risk, while businesses decide how to communicate the risk that has occurred.
James Nyamokoh says
Information security is not merely a matter but a significant business issue that demands comprehensive attention across the organization. It entails implementing mechanisms such as firewalls, encryption technologies and continuous monitoring to defend against potential breaches. However, viewing information security through a lens overlooks its broader implications on business operations.
It encompasses managing business risks by ensuring compliance with regulations, safeguarding the organization’s reputation and ensuring operational functionality. As a result, leaders throughout the organization need to view information security as a business concern, incorporating it into planning, resource distribution and nurturing a culture of security awareness. This comprehensive approach ensures alignment with business goals and efficient risk management.
Brittany Pomish says
This week’s reading noted that in the 1970s, data security consisted of guarding the photocopier and monitoring who entered and exited the front door. However, today, intangibles account for more than 80% of the value of listed companies. Therefore, information security is both a technical and a business problem. On the technical side, issues such as unauthorized access and viruses are prevalent. On the business side, incorporating information security into risk management is crucial. A single technical problem, like a data breach, can escalate into a significant business problem, leading to exorbitant legal fees, financial loss, and loss of business due to reputational damage.
Neel Patel says
I would classify information security as both a technical and business problem. In the modern world, businesses are powered by technology.
In the technical lens, information security involves implementing firewalls, encryption, and access controls to protect data from breaches or cyber threats. Being able to understand how to navigate and build these systems requires IT knowledge or background.
It’s also a business problem because of how poor security of information can directly impact the company’s operations and reputation. The impact data breaches have can be detrimental to its finances or relationship with its customers. This underlies why businesses need to prioritize information security strategically as it ties in with risk management strategies.
Ericberto Mariscal says
Information security is both a technical and business problem that the entire organization must frame and solve.
While information security refers to physical security, endpoint security, data encryption and network security, it is also important that security risks are being implemented by business leaders and information security in unison. State-of-the-art technology can be bought, but business leaders need to ensure that policies are set in place to combat human failure, such as consistent training and education about security risks to the business.
Andrea Baum says
Information security is both a technical and business challenge. While tools like firewalls, intrusion detection systems, antivirus programs, and two-factor authentication can help protect a network and its data, no single product or combination of products can secure an organization entirely. Effective security requires a deep understanding of the enterprise, its mission, business strategies, resources, and competitive threats beyond just data integrity. Information security professionals must grasp the broader business context to advocate successfully for management support, as security cannot be isolated but must arise from the collaborative efforts of all managers. This principle applies to all aspects of security, including assessment, planning, policy development, and training. To overcome security challenges, it’s crucial for management to learn IT fundamentals and for IT professionals to understand basic business concepts, ensuring that technical infrastructure is implemented cost-effectively and that IT professionals benefit from career development.
Dawn Foreman says
Information security is often viewed as a technical problem, but as we have read, it is a business problem as well. Information security teams mitigate risks as much as possible, but employees are still at the forefront and pose most of the vulnerability risks. As the author states, awareness and ownership have to happen at a broader level than IT and must include senior management. Systems and business processes are often created with process improvement in mind and not so much security. If information security is doing their job to mitigate risks, but the rest of the business is not implementing the required security measures or precautions, then the company will still be at risk.
Benjamin Rooks says
Information security is both a technical and business problem. It is a technical problem for us in that we need to figure out the best way to secure our organization and protect it. Having the ability to anticipate what an adversary might do and then preventing it is a technical issue. However, it is also a business problem in that we, as the technicians, have to be able to then communicate the risk to our coworkers and leaders in a way that is clear and understandable. After that, the problem still remains a business problem as we will have to negotiate with our business to find a solution that both works to keep the data safe technically and keeps the business running.
A hard drive would be most secure if it was encased in lead and then buried at the bottom of the Mariana Trench, but that would not exactly be something that would be usable in everyday business operations.
Aisha Ings says
Information security is both a technical and a business problem that the entire organization must address. From a technical standpoint, it involves implementing technical controls such as firewalls, encryption, intrusion detection systems, two-factor authentication, and access controls to protect the network and data from unauthorized access, breaches, and other cyber threats.
From a business perspective, implementing a secure infrastructure can be a strong selling point, reassuring clients that their information is well-protected and safe. Alternatively, a lack of adequate security could result in a data breach, leading to substantial financial losses, loss of clients, costly legal fees and a tarnished reputation. Therefore, information security needs to be seen as an essential component of both technical operations and business strategy.
Nelson Ezeatuegwu says
Information security has become a technical problem and a business problem that the entire organization must frame and solve. Data is growing at a high rate, and the need for business enterprises to share data to maximize profit is at an all-time high. Protecting information and information systems should be a collaborative effort among the entire organization. Human management is very important because humans’ unintended and intended error is the main cause of breaches in confidentiality and integrity; therefore, every department in an enterprise contributes to solving the problem of information security. It could be in the form of security awareness training, implementing security controls, third-party vendor management, etc.