Home

 

Presentations

Security for the Information Worker

Information security is not the goal, but is a necessary prerequisite to the mechanisms and confidence needed to increase productivity. Since the computing era, the need for a security aware culture actually increases – why? The reason is threefold:

  1. The nature of information and particularly virtual information force us to approach protecting that information with at least of modicum of understanding as to where that information may be located, and who requires access to that information.
  2. The evolution of systems. Thirty years ago when systems could be confined to locations and physically managed, it was possible to view security from a system perspective. Today the nature of the systems – from laptops to Personal Digital Assistant’s (PDA’s) and even mobile phones mandates a different approach.
  3. Users are the originators of the information. Even in very formal, hierarchical establishments the nature of the information age means the generation, storage and security of that knowledge is left to the workers themselves. Even if management of the information could be delegated it may not be desirable as the value of the information is best left to the judgment of the knowledge workers — the information owners.

These issues reinforce the fact that information security is and should be a participatory activity. The question is then how much (or actually how little) involvement does an organization need for an effective program? The four fundamental questions that should be asked are:

  1. What are we trying to protect?
  2. Who is the steward of that asset?
  3. Does the steward know his responsibilities regarding information security?
  4. How can technology assist?

The risk assessment process itself is a superior starting point – not only can the information owners provide valuable input in terms of unforeseen threats, they can also assist in prioritizing the information assets to protect. In addition, the participation makes information security more relevant to the knowledge workers, and promotes a greater level of adoption for any policies and technologies that mitigate the risks.

Download the presentation:
Impruve - Information Security Solutions. (PDF format, 510 KB)		   Get Adobe Reader

 
 

© 2008 Impruve all rights reserved.