Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.
Comments
Qian Wang says
Information security is not only a technical issue, but also a business issue for organizations.
In modern society, more than 80 percent of the assets of enterprises are intangible assets, and data is very important for modern enterprises. To protect these assets from infringement is not only a technical issue, but also a business management issue. This is because relying only on good technical tools cannot perfectly protect information security: human beings control most of these tools, and human beings are the main carrier of loss control. So, people and processes are equally important to achieving optimal security.
Yusen Luo says
Information security is both a technical problem and a business problem that the entire organization must frame and solve. Technical flaws in software can be exploited by attackers to gain unauthorized access, steal data, or disrupt services. Regular patching and vulnerability management are essential. Protecting the network infrastructure through firewalls, intrusion detection systems, and secure configurations is crucial to prevent unauthorized access and data breaches. As for business strategies, information security must be integrated into the organization’s overall risk management strategy. We also need to ensure that leadership prioritizes information security and establishes clear policies and governance structures to support security initiatives. It is essential to maintain strong security practices for protecting the organization’s reputation and maintaining trust with customers, partners, and stakeholders.
Ruoyu Zhi says
From my perspective, I think information security is not only a technical problem, but also a business problem that the entire organization must frame and solve.
How to do a good job in information security and use certain technologies to investigate or test information security is a technical issue. However, at the same time, it is also crucial for information security systems to avoid the occurrence of information security issues and develop relevant policies to address information security vulnerabilities. Attackers can use illegal means to enter information security systems, steal and modify information, leading to attacks on information security systems and threats to security levels. So, technology and related policy measures are equally important for information security.
Yihan Wang says
Information security is a technical problem and a business problem that the entire organization must frame and solve. And I choose Vacca Chapter 1 to explain the nature of the problem.
Firstly, Vacca Chapter 1 says “…People and processes are equally important to achieving optimum security in the modern enterprise.” And it also said “Security is not an issue that can be ‘handled’ by the CIO or the Director of IT. We have already seen the modern company is built on a foundation of information assets, and the intelligent management of those assets must be treated as top priority.”
So in my opinion, only by combining both management and technology can we solve the information security problem well.
Secondly, we could see from Figure 1.1 in Vacca Chapter 1: Change in public company assets from tangible to intangible. We can see that the percentage of intangible assets goes up from 17% to 84%, from 1975 to 2015. The modern company is built on a foundation of information assets.
So I infer that the problem we are talking about is caused by the protection of companies’ intangible assets, which take up 84% of the company’s property.
Menghe LI says
Information security is both a technical and a business problem that the entire organization must frame and solve.
Implementation of Security Measures: Involves deploying firewalls, encryption, intrusion detection systems, and other technical controls.
Continuous Monitoring: Requires technical expertise to detect and respond to threats in real-time.
System Updates and Patching: Technical teams must ensure that systems are up-to-date and vulnerabilities are patched.
Dongchang Liu says
Information security is both a technical and a business problem that the whole organization must solve. Technically, it means using firewalls, encryption, and other tools to protect data from malware, phishing, and unauthorized access. These tools need experts to manage and update them regularly because threats are always changing. From a business perspective, information security is crucial for managing risks. Data breaches can cause financial losses, damage reputations, and lead to legal issues.
Yifei Que says
Information security is a business problem that the entire organization must formulate and solve, with an important technical foundation.
From a technical perspective, information security involves the implementation of security controls such as firewalls, encryption, and access management to protect data, systems, and networks from unauthorized access, use, disclosure, interruption, modification, or destruction. Technical measures are crucial for ensuring the confidentiality, integrity, and availability of information assets.
From a business perspective, information security is a strategic issue that requires the participation of the entire organization. This is not just the responsibility of the IT department; this is everyone’s responsibility. Information security is also a risk management issue. It involves identifying, assessing, and mitigating risks that may threaten organizational data, systems, and operations. This requires a comprehensive approach that considers both technical and non-technical risks.
In short, information security is not only a technical issue, but also a business issue. It requires a combination of technical measures and business practices to be truly effective. The entire organization must jointly develop and address information security issues, with a focus on technical security and good business practices.
Jianan Wu says
Information security is not only a technical issue, but also a business problem that the entire organization must build and solve. In fact, it is usually a combination of both.
Firstly, information security has obvious technical properties. This involves the design of network architecture, implementation of security protocols, configuration of firewalls and intrusion detection systems, application of encryption technology, and security development and maintenance of software. Technicians need to master the latest security technologies and tools to prevent, detect, and respond to various security threats.
However, information security is not just a technical issue. It is also a business issue that requires the participation and collaboration of the entire organization. Here are some key points that illustrate information security as a business issue:
Strategy and planning: Information security needs to be integrated into the organization’s strategic planning. This includes determining the organization’s security objectives, developing security policies, allocating security budgets, and so on. These are all business level decisions that require the participation and support of senior management.
Compliance: Many organizations need to comply with specific security regulations and industry standards, such as GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), etc. This requires organizations to consider how to meet these compliance requirements from a business perspective, rather than just technical issues.
Risk assessment: Organizations need to regularly assess the security risks they face and develop corresponding response measures. This involves comprehensive consideration of business operations, customer data, assets, etc., rather than just technical risk assessment.
Personnel training: Except for technical personnel, all employees of the organization need to receive a certain degree of safety training. This includes how to identify potential security threats, how to protect sensitive information, and so on. This is also a business level issue, as it requires the participation of the entire organization.
Emergency response: When a safety incident occurs, the organization needs to respond quickly and take appropriate measures to mitigate losses. This includes cooperation with law enforcement agencies, notifying affected clients, and so on. These all need to be planned and coordinated from a business perspective.
In summary, information security is not only a technical issue, but also a business issue. It requires the professional skills and tools of technical personnel to prevent, detect, and respond to various security threats, as well as the participation and collaboration of the entire organization to develop and implement effective security strategies and measures. In practical operation, the work at the technical and business levels is often intertwined and complementary to each other.
Mengfan Guo says
Information security is both a technical problem and a business problem that the entire organization must build and solve, in fact, both. On the technical side, related issues include system protection, data encryption, access control, vulnerability management, intrusion detection and prevention, etc. On the business side, related issues include policies and processes, personnel training, risk management, business continuity, etc. To summarize, information security is not only a defensive measure at the technical level. It also involves many aspects such as organizational culture, business processes, human behavior, and strategic planning. A comprehensive information security strategy requires both technical and business efforts to ensure the overall security of the organization.
Zhichao Lin says
Information security is both a technical problem and a business problem. Information security involves protecting complex IT systems from vulnerabilities that can be exploited by attackers. This requires advanced technical solutions such as firewalls, intrusion detection systems, encryption, and secure coding practices. And it is also a business problem, because information security affects the strategic direction of a business. Security breaches can lead to significant financial losses, legal penalties, and damage to reputation.
Fang Dong says
Information security is both a technical issue and a business issue that needs to be built and solved by the entire organization. The two are interrelated and interdependent. Information security involves many technical aspects. For example, network security technology: This technology protects the network from attacks. The most typical example is what we know as firewalls. Data encryption technology: to ensure the security of data during storage and transmission. Access control techniques: Ensure that only authorized users have access to sensitive information. Data backup and recovery technology: To ensure rapid recovery in the event of data loss or corruption.
Information security is also a concern at the organizational level in terms of business issues, and in terms of policies and procedures: an information security policy is to be developed and implemented to ensure that all employees are aware of and follow it. Also carry out staff training: Conduct information security awareness training for employees to improve their ability to identify and prevent risks. At the same time, we should always pay attention to risk management: identifying, assessing and controlling information security risks. At the same time, it also ensures information security compliance and ensures that the organization complies with relevant laws and regulations and industry standards.
The successful implementation of information security requires a close combination of technology and business. Technical measures provide the foundation for information security, while business-level policies and processes ensure that these technical measures are effectively implemented and maintained. Even with the most advanced technical safeguards, if employees lack safety awareness, the effectiveness of these technical measures will be greatly reduced. Similarly, without strong technical support, even the best policies and procedures cannot effectively protect an organization’s information assets.
Xinyue Zhang says
Information security is both a technical issue and a business issue that the entire organization must build and solve. This is because information security is not only about the technical level of protection measures, but also about the internal strategy, process and culture of the organization. Even if the security measures at the technical level are implemented, there will still be security vulnerabilities and risks if the organization lacks the attention and correct management of information security. On the contrary, even if strict security policies and processes are in place, if the security measures at the technical level are not in place, the organization’s information assets cannot be effectively protected. Therefore, information security requires a comprehensive response from both technical and business aspects to better protect an organization’s information assets from threats.
Weifan Qiao says
Information security is both a technical problem and a business problem. To effectively address information security challenges, organizations need to integrate technical expertise with strategic business planning. This involves collaboration between IT professionals, cybersecurity experts, risk managers, legal advisors, executives, and other stakeholders to develop comprehensive security strategies that align with the organization’s risk tolerance and objectives. By adopting a risk-based approach to security management, organizations can prioritize investments in technical controls and business processes that offer the most significant risk reduction while maximizing the value of security investments.
Ao Li says
Information security is both a technical problem and a business problem that the entire organization must address and solve.
From a technical standpoint, information security involves implementing and maintaining secure systems, networks, and applications to protect data from unauthorized access, breaches, and cyber threats. On the other hand, information security is also a business problem that requires a strategic and holistic approach from the entire organization. Business leaders, executives, managers, and employees all have a role to play in shaping and maintaining a strong security posture.
Zijian Tian says
Information security is both a technical problem and a business problem that the entire organization must frame and solve.
To discuss information security, it’s essential to focus on “providing technical and managerial security protection for data processing systems” as mentioned in its definition. This statement underscores the core issue: information security requires technical and managerial support.
Firstly, the IT department serves the entire enterprise with various functions, including information security, infrastructure development, and equipment procurement. This role positions the IT department as a critical module within the enterprise’s management framework, highlighting that technology and management cannot be separated.
Secondly, management needs to adopt the recommendations of IT professionals, such as implementing new ERP systems and firewalls, to protect the company’s security and ensure smooth operations.
Furthermore, the IT department needs a mandate from the management when it comes to authorization and authentication. Management must consult with internal and external IT experts to acquire secure technologies. This is a bidirectional process and cannot be disjointed.
Yucheng Hou says
Information security is not only a technical issue, but also a business challenge that the entire organization must confront and address.
From a technical perspective, information security involves using technological means to protect information and systems from threats. However, information security cannot be solved solely by relying on technological measures.
From a business perspective, information security impacts an organization’s operations, reputation, and financial well-being. An organization that fails to effectively protect its information assets may face significant financial losses, legal risks, and reputational damage.
Therefore, information security requires the concerted effort of the entire organization, from both technical and business perspectives, to develop and implement appropriate strategies and measures to ensure the security of information assets.
Jingyu Jiang says
Information security is not only a technical issue, but also a business problem that the entire organization must develop and address.
The foundation of information security lies in technical protection measures, such as encryption technology, firewall, intrusion detection system, etc. These technologies are effective against external attacks and internal leaks. But information security is not only the responsibility of the technical department, but also a matter that requires the participation of the whole company. Business strategy, organizational structure, and employee behavior all have an important impact on information security. Information security policies and procedures need to be coordinated with the company’s business processes and objectives to ensure that security measures do not interfere with normal business activities.
Tongjia Zhang says
Integrated Approach: Information security requires an integrated approach that combines technical and business perspectives. Technical solutions alone are not enough; they need to be implemented and managed in a way that aligns with the business’s needs and goals.
Collaboration: IT security teams need to collaborate closely with business leaders and stakeholders to understand the business requirements and priorities. Similarly, business leaders need to involve IT security teams in strategic planning and decision-making processes to ensure that security considerations are taken into account.
Balance: Achieving the right balance between security and usability, cost, and business operations is crucial. Overly strict security measures can hinder business operations, while insufficient security can expose the organization to risks.
In summary, information security is a complex problem that requires a combined approach involving both technical and business perspectives. A successful information security program must consider both aspects to protect the organization’s assets and operations effectively.
Luxiao Xue says
Information security is both a technical issue and a business issue that the entire organization must address.
On the technical side, it involves aspects such as secure network architecture, vulnerability management, and preventing hacker attacks. Technical solutions and expertise are essential for implementing and maintaining effective security measures.
However, it is also a business issue. The impact of a security breach can have significant financial, reputational, and operational consequences for an organization. Business leaders need to make strategic decisions about relevant aspects. In essence, information security needs to be coordinated from a technical and business perspective within an organization to be managed and handled effectively.
Chaoyue Li says
I believe that information security is a comprehensive problem involving both technical and business issues, and should be constructed and solved by the whole organization together.
Technical aspects: Information security involves a variety of technical measures and tools, such as firewalls, intrusion detection systems, encryption technology, anti-virus software. These technical measures are designed to protect information systems from unauthorized access, tampering and damage.
Business aspects: Information security is not just the responsibility of the IT department, but of the entire organization, as information security incidents can have a significant impact on business operations, financial position, reputation.
Comprehensive aspect: Information security is a comprehensive issue that requires both the support of technical measures and business strategies. Only by combining technology and business can a comprehensive and effective information security system be established.
Yi Zheng says
Information security is both a technical problem and a business problem that the entire organization must build and solve. In modern enterprises, information assets account for 84% of the company's assets, so the protection of these assets against infringement is not only a technical issue, but also a business management issue. Technology and related policies and measures are equally important for information security. Only by combining management with technology can we solve the problem of information security.
Kang Shao says
I think it’s a bit of both. Information security is both a technical issue and a business issue that the entire organization must build and solve.
First of all, technology is the fundamental guarantee of information security. Any policy or measure for the purpose of information security must rely on strong technical means. The phenomenon that the upgrading of information security technology lags behind the means of hacking has been troubling the whole industry, and the information security accidents caused by technical loopholes are endless. Therefore, information security as a technical issue is beyond doubt.
Secondly, with the high development of information technology, all kinds of connections in society and the business of most companies are shrouded in a huge and highly connected information network. At the same time, in today’s society, 80% of the assets of enterprises exist in the form of intangible assets in the information network. Therefore, the information problem is essentially a problem between people, organizations, society must have an efficient information security policy; only in this way can information security technology play its real role.
Yuqing Yin says
Information security is a dual challenge, encompassing both technical and business aspects that the entire organization must address. On the technical front, it includes system protection, data encryption, access control, vulnerability management, and intrusion detection and prevention. From a business perspective, it involves establishing policies and processes, conducting personnel training, managing risks, and ensuring business continuity. Information security goes beyond technical defenses, incorporating elements of organizational culture, business processes, human behavior, and strategic planning. To ensure comprehensive security, both technical and business efforts are necessary, working together to protect the organization as a whole.
Yimo Wu says
Information security is both a technical problem and a business problem that the entire organization must frame and solve. It requires technical measures to protect data and a strategic business approach to manage risks and ensure compliance.
1. Technical Problem: Information security involves technical measures such as firewalls, encryption, intrusion detection systems, and secure coding practices. These technical solutions are essential to protect data from unauthorized access, breaches, and other cyber threats.
2. Business Problem: Information security impacts the entire organization, including its reputation, legal compliance, and financial health. A security breach can lead to significant financial losses, legal penalties, and damage to the organization’s reputation. Therefore, it requires a strategic approach involving policies, risk management, and employee training.
Ao Zhou says
Information security is a technical issue that needs to be addressed by the entire organization. To explain the nature of the problem, I chose the first chapter of bucky.
In the first chapter, people and processes are equally important to ensure better security for modern enterprises. Moreover, security is not something the CIO or the head of an IT group can handle. We have already seen that modern enterprises are based on information assets. Most important is the sound management of these assets.
I think that the problem of information security can be solved only through a combination of management and technology.
Second, you can see changes in open corporate assets from one type to another in Figure 1.1 of Chapter 1 of Vacca. From 1975 to 2015, the share of intangible assets increased from 17% to 84%. Modern enterprises are based on information assets.
I would say that the problem is that it is related to the protection of intangible assets, which account for 84% of the company’s assets.
Wenhan Zhao says
Information security is not only a technical problem but also a business problem.
When it is a technical problem, information security involves protecting systems and networks from a variety of threats. Addressing these threats requires technical measures such as firewalls, encryption, etc.
When it is a business problem, information security involves identifying, assessing, and prioritizing risks while considering factors such as the potential impact of security incidents on business continuity. Organizations need to ensure that they can operate effectively in the face of cyber threats.
Yifan Yang says
Information security is both a technical issue and a business issue that the entire organization must address and build. In modern enterprises, the intelligent management of information assets is considered a top priority, so information security issues are caused by the protection of 84 percent of a company’s property. Information security not only has obvious technical attributes, but also requires the participation and collaboration of the entire organization. Technical aspects include network architecture design, security protocol implementation, firewall and intrusion detection system configuration, encryption technology application and software security development and maintenance. Operational aspects include strategic planning, compliance, risk assessment, personnel training and emergency response. Therefore, information security requires the participation and collaboration of technical professionals and the entire organization to develop and implement effective security policies and measures.
Baowei Guo says
Information security is not only a technical problem, but also a business problem that the whole organization must build and solve.
Technical issues: Network threats are constantly developing, and new malicious software, hacker technology and vulnerabilities often appear. To deal with these threats, continuous technological innovation and updated security measures are needed. Information security involves the protection of complex IT systems, which requires technical solutions such as firewalls, intrusion detection systems, encryption and security coding practices.
Business issues: Ensuring that organizations can continue to operate during and after security events is a business issue. This includes disaster recovery planning, maintenance of redundant systems, and ensuring data integrity and availability. Information security is a key component of an organization’s overall risk management strategy. It involves identifying, evaluating and prioritizing risks of organizational information assets and implementing appropriate controls to mitigate these risks.
Yahan Dai says
Information security is both a technical problem and a business problem that the entire organization must frame and solve.
As mentioned in Chapter 1 of the textbook, “Management Matters as Much as Technology, … the key message of this chapter is that management matters, not just technology. People and processes are equally important to achieving optimum security in the modern enterprise. And good management requires collaboration among multidisciplinary teams.”
Information security is a technical problem because it involves protecting against specific threats, such as malware or hacking attacks. This requires the use of technical solutions such as firewalls, antivirus software, and intrusion detection systems to detect and prevent unauthorized access to computer systems and networks.
However, information security is also a business problem that the entire organization must frame and solve. This is because information security risks can have serious consequences for an organization’s reputation, finances, and legal compliance. For example, a data breach could result in the loss of sensitive customer information, leading to financial losses and damage to the organization’s reputation. Similarly, failure to comply with legal and regulatory requirements could result in fines and penalties.
To address these broader issues, organizations must consider risk management, governance, and compliance with legal and regulatory requirements. This requires a more holistic approach that involves all parts of the organization working together to identify risks, develop strategies for mitigating them, and implement effective controls to protect against them.
Ziyi Wan says
Information security is both a technical and a business issue that requires a holistic approach across the organization.
1. Technical complexity: Information security involves a wide range of technical challenges, including protecting networks, systems, applications and data. As technology evolves, so do the methods and tools used by attackers.
2. Software, hardware, and network infrastructure may have vulnerabilities that need to be identified, monitored, and regularly patched to prevent exploitation.
3. The organization must have the technical capability to effectively respond to security incidents, including forensic analysis, containment, eradication, and recovery.
4. The essence of information security is risk management. Organizations must assess potential threats and vulnerabilities to determine their impact on business operations and assets.
5. Security breaches can result in significant financial losses, reputational damage and loss of customer trust. The cost of these violations is a key business consideration.
6. Security incidents can disrupt business operations, resulting in downtime, loss of productivity and potential legal consequences.
In short, information security is not a problem that can be solved by technical solutions alone, nor is it just a business problem. This is a complex challenge that requires an integrated approach that combines technical expertise with strategic business management.