One of our core values at BiZZdesign is sharing knowledge and best practices. We regularly organize and contribute to online and offline seminars, conferences, and round tables. After a recent presentation entitled “Security is not an IT problem”, which illustrated the often lacking connection between policies and measures within organizations, we decided to have a World Cafe. In this blog post, I will present the findings of one of the debates we had, based around the importance of Information Security. Feel free to check out my last post in this series: From Security Architecture to a Secure Architecture.
Continuity is an important goal for many organizations, both in the public and private sectors. Being unaware of risks, and being unable to prepare for and respond to the outcomes of those risks, can heavily disrupt this continuity. From the perspective of a business manager, information security is just one aspect to take into account. Usability, speed, performance and price are also important points to consider. All attendees agreed that security architecture is important. This was not surprising, since they make their living from this field of work. However, some nuance was given as to how important it is:
Importance (and subsequently the number of FTEs in this field) depends on the industry you are in. In banking, the potential financial benefit from hacking is high, and trust is the essence of a bank’s business model! In a shoe repair shop this is not exactly the case.
Risks tend to be underestimated by management. It often takes a large information security incident to really put enterprise risk and security management in the spotlight. But only if you survive this incident. Incidents make the risks come alive!
Physical security (e.g. around airports) is generally accepted and considered to be crucial for safe travelling. With the Internet of Things and the huge potential of big data related to this trend, information security is becoming much more important. If your business depends on this data supply chain, security is a necessity of life! Relate your policy, architecture and concrete measures to this supply chain. Physical information security is applying physical measures to protect information.
Laws and regulations push a compliance wave through the financial sector. This boosts information security initiatives, but they really have to deliver. Merely ticking a checkbox will not, in the end, justify your position in the organization. The conclusion of the discussion was that information security is a necessity of life in some sectors, but not a guarantee to live a long and prosperous life, given all other risks present around us.
So, Information Security is important… but how do we convince and involve the rest of the business? Stay tuned for the next blog in this series, which will provide 7 Communication Tips to Involve the Business.